Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file_premium/6h9hyxbf0k8pkgo/Ch3%2540t_Hub_New.rar/file was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Suspicious use of SetThreadContext
Program crash
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
NTFS ADS
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 05:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 05:50
Reported
2024-04-03 06:00
Platform
win10v2004-20240226-en
Max time kernel
524s
Max time network
513s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 768 created 2752 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | C:\Windows\system32\sihost.exe |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe | N/A |
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4960 set thread context of 768 | N/A | C:\Users\Admin\Desktop\New folder\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\New folder\Setup.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133565970674750462" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{8854014D-AFC3-4C9C-8B89-B809120D505E} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{1ED5727E-285B-41B0-A51B-7621D9438675} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file_premium/6h9hyxbf0k8pkgo/Ch3%2540t_Hub_New.rar/file
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa63229758,0x7ffa63229768,0x7ffa63229778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1836,i,16822283623596065733,13418309793893931096,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Ch3@t_Hub_New.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Ch3@t_Hub_New.rar"
C:\Users\Admin\Desktop\New folder\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4960 -ip 4960
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 136
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 768 -ip 768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 636
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 768 -ip 768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 644
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa53ea46f8,0x7ffa53ea4708,0x7ffa53ea4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x300
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6304 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2024,8025517576924099168,10351728475005636577,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=1288 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa53ea46f8,0x7ffa53ea4708,0x7ffa53ea4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,15639082008152723012,7627956754240904101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe"
C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO8A1E1F5E\Geometry dash auto speedhack.bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffa53ea46f8,0x7ffa53ea4708,0x7ffa53ea4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8A1EB68E\geometry dash auto speedhack.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,6028029198495515656,1995894992953884189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa53ea46f8,0x7ffa53ea4708,0x7ffa53ea4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa53ea46f8,0x7ffa53ea4708,0x7ffa53ea4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,507922644007419040,2435137019914186420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa53ea46f8,0x7ffa53ea4708,0x7ffa53ea4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,6874480879242279757,5145098388607002233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2365.mediafire.com | udp |
| US | 199.91.155.106:443 | download2365.mediafire.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.80.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.242.123.52.in-addr.arpa | udp |
| GB | 2.18.66.48:443 | www.bing.com | tcp |
| GB | 2.18.66.48:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 48.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.66.57:443 | r.bing.com | tcp |
| GB | 2.18.66.57:443 | r.bing.com | tcp |
| GB | 2.18.66.43:443 | th.bing.com | tcp |
| GB | 2.18.66.43:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 57.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.0:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.european-virus-archive.com | udp |
| FR | 90.84.247.221:443 | www.european-virus-archive.com | tcp |
| FR | 90.84.247.221:443 | www.european-virus-archive.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.european-virus-archive.com | udp |
| FR | 90.84.247.221:443 | www.european-virus-archive.com | tcp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| US | 8.8.8.8:53 | 221.247.84.90.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.192.70.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | ec.europa.eu | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 68.70.192.128:443 | cdn.european-virus-archive.com | tcp |
| FR | 90.84.247.221:443 | www.european-virus-archive.com | tcp |
| GB | 2.18.66.43:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 104.86.111.163:443 | aefd.nelreports.net | tcp |
| GB | 104.86.111.163:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 163.111.86.104.in-addr.arpa | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 8.8.8.8:53 | 2.224.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.archive.org | udp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 8.8.8.8:53 | 241.239.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.225.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ia600704.us.archive.org | udp |
| US | 207.241.227.164:443 | ia600704.us.archive.org | tcp |
| US | 8.8.8.8:53 | 164.227.241.207.in-addr.arpa | udp |
| GB | 2.18.66.179:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | 152.33.115.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.66.18.2.in-addr.arpa | udp |
| GB | 104.86.110.121:443 | th.bing.com | tcp |
| GB | 2.18.66.89:443 | r.bing.com | tcp |
| GB | 2.18.66.89:443 | r.bing.com | tcp |
| GB | 104.86.110.121:443 | th.bing.com | tcp |
| GB | 2.18.66.179:443 | www.bing.com | udp |
| GB | 2.18.66.89:443 | r.bing.com | udp |
| GB | 104.86.110.121:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 121.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.66.18.2.in-addr.arpa | udp |
| GB | 2.18.66.89:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 104.86.110.121:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 104.18.33.89:443 | www2.bing.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| NL | 142.250.179.196:80 | google.co.ck | tcp |
| NL | 142.250.179.196:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.251.39.100:80 | www.google.com | tcp |
| NL | 142.251.39.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.google.com | udp |
| NL | 142.251.39.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.196:80 | google.co.ck | tcp |
| NL | 142.250.179.196:80 | google.co.ck | tcp |
| NL | 142.251.39.100:80 | www.google.com | tcp |
| NL | 142.251.39.100:443 | www.google.com | udp |
| NL | 142.251.39.100:443 | www.google.com | tcp |
| NL | 142.250.179.196:80 | google.co.ck | tcp |
| NL | 142.250.179.196:80 | google.co.ck | tcp |
| NL | 142.251.39.100:80 | www.google.com | tcp |
| NL | 142.251.39.100:443 | www.google.com | udp |
| NL | 142.251.39.100:443 | www.google.com | tcp |
Files
\??\pipe\crashpad_4696_ZVILJXRUVHHDRMHR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9070342ea69ac4ed03c93d1a7045685e |
| SHA1 | 1cdf366752e3f9136611b630cf41391cdf5e4a96 |
| SHA256 | 5ffc55b9804e4f496dd7a20c9f4de330e49f7fe6947ae31b89812d89584df452 |
| SHA512 | a587ed703f09b7de8bfdef030a12d858570539621c38b720b647401dd33ec9aac81085a2844b43a805e9146eeaad2c64b27120743b2d2fe7208bbf7cdececae5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f84a05b5ccb1bc8f0f9c26656a8098a |
| SHA1 | 17476d7823e995799ee613a8efe3287c2a8aad4e |
| SHA256 | aed454d8a5a86ac0f02549bb0ff323dad13308638d835028dc977038a47f4b8e |
| SHA512 | ff148c5dfdb03a70c2eef6710d6c11e429acb13997c2e99141a42e5a7e7a102a114cd6b066fc1278b32efe1f9d3e9cd3e7a32fc78865b6e8b9c21a12e383c69f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1ad21a6a70f2eaeb7462a1bbb0b45027 |
| SHA1 | f00384c63e2839b75216d25244f374092c1ca36e |
| SHA256 | e44d1ab456160e3aa940b05dc345788ef175ec75d178eb3e3beef4c25ff66aab |
| SHA512 | b42f30f74af10b6fbc2f8ca2c41671fd36f9e5df223aa4401aabff34df6b05b4f7fccb1dcae5a818460d12c1f5e4d9411e39a8f1d2993d1e203e980320e2acb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2e658166f96821bb62cc3a44fe88b59f |
| SHA1 | d486ffe3456551f35179f434fdac9f43e024fb13 |
| SHA256 | 81c12184d3327c8c04a37e0147f963b44c733fcd50e38d69dcbf7b75c519c506 |
| SHA512 | 9e0be333c760476ae3806382239c0ceee9a8d9b71f5fee24ce438f827c830ea18b60cd0a80b5e651906da428c767f8b51a0785042532f09874078649b463b955 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 68b7361361142128142909a8a05f1b31 |
| SHA1 | 1a3e9a69116fb1910055d9c73274544ad3f08487 |
| SHA256 | c42486c64826fc07f06b5f3a0ffb8f35e14db5540fbed04b5243686044b60ba3 |
| SHA512 | 9594f42358afa4a0a3927b80dc921c0c513c58ff43b95d1e1c3233b0f511a177dfb362e6858a118871607b118330874282027e3eaba290bd5953cc236f1f5e9a |
C:\Users\Admin\Downloads\Ch3@t_Hub_New.rar
| MD5 | 6e82d8d3de3d6b07aad4de0c9ebec675 |
| SHA1 | fcdde25dfb0a0b13f7501271c640244d0c1f8b21 |
| SHA256 | b1cd278881261096529c02bcd5cb72caadd75433d0d73e07a94303597d40dd4a |
| SHA512 | 0c14a1bd600d7f1e82c187e79ebe3ae9f4be4cb2418219f785d30d89a71cd3c4459dc6294af840177551245db741ab311d2c2df6343e3fecc20788cceee4e989 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | afc4cd6eb97255a6f2c9ae9e9291af56 |
| SHA1 | 0bd61f2c77ced366a9c78a899ff435a71b8574b1 |
| SHA256 | d1b656bf3fc9f07aa962e05a26b1eeb857310f18bdcfe6682f8ba64896f370b1 |
| SHA512 | 539cde6b1790f88e90837694275f7e6099023d489f71894831fa56bd55de70d030a53ec195a0a8379a439628165d0f0fc74941d3dad76a6f94184acccafe052a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | e4a86dce689db210f8ae6c159a16962d |
| SHA1 | e9629a349d551d36f02586d8a74e3daf053305f1 |
| SHA256 | 366642ec935d86366dda6b3726f89c6d139ed7bee22b22df8b4527933a503325 |
| SHA512 | 5b2fd4de3deeb51aa1143b295c81fc11473dbc5a48b56f34f8ca15ccdc7a28b4ca3e65e318eef32ac7a8aadd8fac7b3170d81c0cf9e1853a7064f12480716c9f |
C:\Users\Admin\Downloads\vk_swiftshader.dll
| MD5 | 76d3589242fca16d76aff52910e72d7e |
| SHA1 | a88a7495f71b718e127bdfe09e7a279bf05bfceb |
| SHA256 | f1e92727d2c2ac4c3878d39ab29679f06e65594121dbd8845a86338dac06e61a |
| SHA512 | 95fc89f165b3235a524da6f2bd47c0086baa0f239d6c0fe8ee30a098bd72e09fc37027e0442dfbcdafa2a2ad6c1275a0a9cc4088f9d2feb41ca0d3a720e0d857 |
C:\Users\Admin\AppData\Local\Temp\7zECE25A7B9\src\icudtl.dat
| MD5 | 224ba45e00bbbb237b34f0facbb550bf |
| SHA1 | 1b0f81da88149d9c610a8edf55f8f12a87ca67de |
| SHA256 | 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc |
| SHA512 | c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784 |
C:\Users\Admin\AppData\Local\Temp\7zECE25A7B9\src\libEGL.dll
| MD5 | 1ed91477a02e0e2a64e5e9f26bcea438 |
| SHA1 | 8058c2bd3342d8d882768188b1e5c45567a8dde9 |
| SHA256 | a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03 |
| SHA512 | c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5 |
C:\Users\Admin\AppData\Local\Temp\7zECE25A7B9\src\WebHttp.dll
| MD5 | 49d1368b76ea5ef7b3279d03a719e096 |
| SHA1 | 67fb6bd0fc126833117aa08a3a99bb9e71436b60 |
| SHA256 | 8d32708739969ea486cadd25d5c3d0bce2a23d17282e73b280c21b306c91d02b |
| SHA512 | 4134fb90c747df01b21389f7a21e5317897025dbf73a7f81602738201b429b8d083ca1e63a61ce3ecdffa6d982834b2896a1e0fbcc8be9ef3b84ffd8269a4e0e |
C:\Users\Admin\Desktop\New folder\Setup.exe
| MD5 | 1cf11de39d55d71e8c978a3e5e96e9b4 |
| SHA1 | 7e6a66d170b31db3699cc37082576d011680bdec |
| SHA256 | 8e735b709c11669e871dff87b16898292b71d95e40040b9a3bbd9fa3a57c39e9 |
| SHA512 | b1dec16ccbee6da03bb7279af4449d143e973675da5c241f5141444129914f31f82facec38b5c2a7f5f36612ee13616b4c33d369ba95333be4777bc1e2204340 |
memory/4960-492-0x0000000000250000-0x00000000002B4000-memory.dmp
memory/4960-493-0x0000000074730000-0x0000000074EE0000-memory.dmp
memory/768-496-0x0000000000400000-0x000000000046D000-memory.dmp
memory/768-499-0x0000000000400000-0x000000000046D000-memory.dmp
memory/4960-500-0x0000000002610000-0x0000000004610000-memory.dmp
memory/768-501-0x0000000000400000-0x000000000046D000-memory.dmp
memory/4960-502-0x0000000074730000-0x0000000074EE0000-memory.dmp
memory/768-503-0x0000000004050000-0x0000000004450000-memory.dmp
memory/768-504-0x0000000004050000-0x0000000004450000-memory.dmp
memory/768-505-0x0000000004050000-0x0000000004450000-memory.dmp
memory/768-506-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp
memory/768-507-0x0000000004050000-0x0000000004450000-memory.dmp
memory/768-509-0x0000000076CB0000-0x0000000076EC5000-memory.dmp
memory/2864-510-0x0000000000F60000-0x0000000000F69000-memory.dmp
memory/2864-513-0x0000000002C80000-0x0000000003080000-memory.dmp
memory/2864-512-0x0000000002C80000-0x0000000003080000-memory.dmp
memory/2864-514-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp
memory/2864-515-0x0000000002C80000-0x0000000003080000-memory.dmp
memory/2864-517-0x0000000076CB0000-0x0000000076EC5000-memory.dmp
memory/768-518-0x0000000004050000-0x0000000004450000-memory.dmp
memory/2864-519-0x0000000002C80000-0x0000000003080000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9f44d6f922f830d04d7463189045a5a3 |
| SHA1 | 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c |
| SHA256 | 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a |
| SHA512 | 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7740a919423ddc469647f8fdd981324d |
| SHA1 | c1bc3f834507e4940a0b7594e34c4b83bbea7cda |
| SHA256 | bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221 |
| SHA512 | 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | df407cee6b7fd3f50dd27f8b0787b8fc |
| SHA1 | 92cf6f98973ca567437768f566d98b1ed7d63c2e |
| SHA256 | a0b6a5d3cdc5c66a4d8cbc0cf2973614b38e5b624622dd16241410493e4bdee5 |
| SHA512 | 7bf88cec1fa3c8e54d6fc453f3979483a3608b00b8c136eac7b692b0593d2e708d731d0fabb0af7ec5e1919cad84644f1d12ce47510a85bf52ee6703cf2e4904 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 034580a3be874b81fd92dcfc061f4182 |
| SHA1 | ba733fd983a8e179957a03fa5cbef3c201dbd95f |
| SHA256 | 971666cd4586f6067cb271a4c3925303aab232d40b4039155911c6b190042eea |
| SHA512 | 6e74109d5dc2c5627949c65574ff015ea3c35f4484c5fe3b5e7b3806ce6dc38f57bbe3c825ab69519562097f2865ed3dc024fde3d1d98edd04a99b5fa2667202 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 869778d305bd37c5f59cf8f0abbf649b |
| SHA1 | c6b8632ddd01650333c80604215885137951f24c |
| SHA256 | 38536a46d2f975475dcd79b32b124a6e294ffdb1fa963fef661d24bde3bb0bac |
| SHA512 | 643ba8ceda0426983f3c65d9a29f72847180f501c90728c4b4c140847487a12eeb3de1bcd3a654188dc641bd5e2d5199a932a99e03a0c1b97535b32b32d810d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a352ff58964d1474e3f21696228a4e03 |
| SHA1 | e7d5d0b0ce85c081d54cbb6bd6c128d3317dc7f1 |
| SHA256 | 902478771f2e90d1b388d0531ea1fb6f42f17cff1ba3750e34098a3bd86bd2dc |
| SHA512 | 25a19a6cf930f67438c2f669609215984a2421bfb04c75e9cbbc2eb21ab8625c6692415c58473a17a20cf63170da72012f4a979740685b1d367190584578f782 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 298be2a3e44410e60fed9811989e2bac |
| SHA1 | 12b52aa1c3cf0bd69d59b55087f2f44cfdb9e9ee |
| SHA256 | c2d53dc327244abd8e1aebb5af7314fd6fd15e8b482d28162948136c2fa49844 |
| SHA512 | 991846576cc9c18cd4cf104b436838142ad713ba1895de6ebed8f4c41b5307e5d55ac6bd89a85801184c2255fdbac9a0411cc87273f7afe293584153f62baf81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | 1c851fc45c997b14bbbf5b3ab1c54129 |
| SHA1 | b72a4a11ebe21f89e37a6caf032b689ccbb77090 |
| SHA256 | 0483eee2a3bc01f4fe9221032e6b5d636bbeb68e74a8db8f8917c6e8b8271894 |
| SHA512 | 5b19e82e5bca1aaa2d5aee968fff26f9a4ff042345df8d26c334ea7e78a01b52a8098a8b8836e26f168e15491bac9802f051e2f88c1b737122f8d40f4fd88044 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 7b7a83061aae6813c422a1990c81adfc |
| SHA1 | 9eb32ded5fdeec969bdf424d0ab2cd037befc799 |
| SHA256 | 4529399e2e9c0086360244bf52a3d3d940cc49f937736bc59cee45b47a98bc1e |
| SHA512 | 8e7302794ee4f23328596afdc3424497508f09e7a3c945547b62ac6005d30629b8e1fb4f99dd2e73019120ece08144b7b81ceb0485641e93c939455f4dcb2df8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 8f4b4d5d848b49f72ec9d45000e45fb0 |
| SHA1 | 6517ec20d81ce901746076948417cfafdbcc2d20 |
| SHA256 | dd35fa6ced81d040a5aaa4726885204f44abc7ff1f7a83874b76f34bcc4d1598 |
| SHA512 | 9704356124a9f7df23cc91ff93b13fbcfbc0d09d92fa0a5d4c1dec65f7ab78ad2786ffd9ddc304bc24df4a0cfe43afa24cc0c6cc3c721088320feb5c6f7e7baa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e30ebc3c7641bcdd0c9217847148b81 |
| SHA1 | c1e3bb48230b72b86514f4421fa15c4678e351f5 |
| SHA256 | eb4fbb695d92bac01b728e07c2f5a5739c8bdeb81aa6e866ca52cc59859e85cb |
| SHA512 | 956fa6d06d45ab8a70a003729f9d0e636768ca105d6d7568c7b7d116767134740de8ea06e9a09a7dcfd5aae11140ddaf570899e08f2e61f80be068b87cd09b66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4e1a5316eea2a1eb78307148eeb5e39 |
| SHA1 | a05cdd5a83cbf6e23063e3fd185fbc3bde9c5813 |
| SHA256 | 3ee0fcd5c63cee2d2761c93a8bb24d34d9ac59769c88c0478f7ed6b8e13c90c0 |
| SHA512 | 27a4b97d143d5fce23255cebd27f1b34fb2a0e5e07450ef66cf3b793017cdc9bc4d14e1f5a0d7020047318cac8a0753f9c1b1011c6a15e928a53cc854206b0fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5af8f8.TMP
| MD5 | b60ca2910d169240c3ac9689f3624f7b |
| SHA1 | f54ab8a793683702dce722a47c887b6376de367b |
| SHA256 | a668d78ead9f9e150240a94d0ae74705e5e644ff59c8afe817651da405aabd31 |
| SHA512 | 8b6981527e3416bd8a3267a4f363fe74841fce317ce64e7448a15e6e9f46f848805b58910f994ab269efe63f7f8ac4e2b2a2589bf9235b7b30eaec061501debd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9eb1981d910127ee166dc7557a91e500 |
| SHA1 | a01471dc6dbd2980bde0f81520e2f1a425b65d8a |
| SHA256 | a325b7720f71a0b11db3d634c2370e6e06a9b707133ed71410818f61db49fa9b |
| SHA512 | 11afa680e94da7874fdb9aad144767f5b89d972837990724494ffeedb2e218e9d015473be575ba1d5165c013c06c03f78bdf156016b706cc1805ec462f94dadb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01ba62e444f1318b7b1e1a9e91047626 |
| SHA1 | e45574202deb03ac67db4f3f7ea537fec94b77a2 |
| SHA256 | 433f264649691dfd1a28f66a42de4a55d414078f51bc7a0c3a44bfb8e7e0f4ce |
| SHA512 | 8e17ebde8930a75e66c2aa60983ac1382f1332990eb9a6a27743c6b6bff8ecebc28331dd24c024997ebe04bbb14a29ae81062933c562733846b07c40710fdded |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b68351b7eae8f8f2ac3ecd4e1f2bfc0c |
| SHA1 | e474d2a8b2fff8b565677c7fcb5fced440ec36b4 |
| SHA256 | eb8d7fd5ffbad50faccbda427c4b258b26a04028018f3cca0d5b1c5945089559 |
| SHA512 | c97c48747876eeb4801a0cfd85d421168649620c3ee282566ead48230ace853ceaa9e04b496fc131c724c5da495eae82cccc5810470ff32f985decf496758608 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 25c1e13a685c6665a9c9c4c0886ee3c2 |
| SHA1 | d8622ee100eb8742bf7ca7e99cfa751f59ada9c8 |
| SHA256 | 7afff0efa497c5a2a7c0f9ed68f22da4bf397f051715ef4b0222bfa257551b57 |
| SHA512 | 3804daa705efbbf0792fb68251b4f402b6cfe63eeec970b5d288b42820eeb30cdad522265dcf996651800c2f0045e88bdaf552e9316b86a1eed8ff94b3fc11fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e3bfc5cf8b3b420851cf514240323dc5 |
| SHA1 | c7c21f63c8dd843b6cf7671e6d89661bbca88c5b |
| SHA256 | 27d201acb778fe5909e6f67d04ae56964dbaf5f74880db33ccec7e969b20893d |
| SHA512 | 91244f03ba5e6962eb9d1813fadd2df0b453be30263fe6ab67cd5683483404679eee49c0840ce53fce63ebd0bc20481742b90f539c86560bc885c49b9ebcbb46 |
C:\Users\Admin\Downloads\NoEscape.zip
| MD5 | ef4fdf65fc90bfda8d1d2ae6d20aff60 |
| SHA1 | 9431227836440c78f12bfb2cb3247d59f4d4640b |
| SHA256 | 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8 |
| SHA512 | 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 09e591f12d070ef14418c76ab37ac51b |
| SHA1 | 80ced6e4e90efe9e42581d11d8460ccd739dc9aa |
| SHA256 | ec3ed72a3bc6a4c5d78a641edf2ce6901b060a234b2316fbfcf524383fa2817a |
| SHA512 | e9eee7f0418315f4e0a2760d46b4aca4b90a8ae162bea3109d13360da1144e9980975ca6e6123fe9037c84fe33b7a480306b139d87605d75fa016ecf7753d245 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e149ee27705292d98c90e113e4d96ffe |
| SHA1 | a5020b32967c40bff71212f24f435cd8dcffea53 |
| SHA256 | 8c8ace17ca8c88c9edff2de804bec2489909f661b3931e172cf705df96deacc6 |
| SHA512 | 15f87033d518617d620f3e202b44abe8db81c5a9c9941e3aaa755e4a6e3f2bdd8f1fde06e88c497d6ae5fbea88cd42c5bd78cd8feff308f876bd25ed7631eb5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ae08f820a62c08fdb557e704a8fd05b5 |
| SHA1 | 29e1f6c7ade19a93aaa88a60b3203e0f07eefbfb |
| SHA256 | eef0ffc5f1a266ceeebc3b80d69e3b550261e37b42a7f58b5aed480f6074bed0 |
| SHA512 | 6ed004d0cb453cb347c46e687a29d6dca03b07d8e296274b68be888ad29a14c29c70dd87e3b8fff309cca4965e4525d4c9d38c68c5404342b826748e7c12cfbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 950413b5412509ebb476b2dd53ee4696 |
| SHA1 | 1b79942d9d0e8f7ceeea081f5858d5ce1b840f28 |
| SHA256 | b875d80cce91d04eb3ab129329f1d9f5146ebe48dc05f2aa1ad0d118fd63164c |
| SHA512 | e5a2d26b0374dd9f3cb81f5cb5fdb4bf829337c013124ebf58cea0a943daf947696a2e17786740fdcfe6db1f72f983bdd8b473f50e65010983cc22fe210322e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a49a10871644bc702d83dc6301a95a2b |
| SHA1 | d175a93f877f4a7fcf6b3af9ddf6ad81174fed90 |
| SHA256 | 269fe27ff6c53c21b81dfe3ef79c32ed72fa6d596ae1d90a6346b697ba524507 |
| SHA512 | fed136fbc060e489b25a033df53d61a157cfad75b44eb76f57608f7132f43ca8400781bc52ea9246ac2e7c56e0222968d7237ff6b364416625711af1e3815d4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e48f07ec015c8d67dfb065a84b3b6c70 |
| SHA1 | 22626cf82bbf946598ddb0097d80d6dd47a8ec3f |
| SHA256 | 030b7769dd524a37e877d7bd26a8815cc9a9943fb7f659df49edeaf856aa723e |
| SHA512 | 578d98ea8d0aba3d1a82a7f51ec88000baf22f4cf04bc6fdf499e0502f92b1e1e65cd5d53f223067ff868c0e4935ddf46058f5c9d58f45cd94c00e279bb66b32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1cbc90a30a0fbdb29e0e300ff122b87a |
| SHA1 | 3cb7e2fa3aac3ebec3d88f32aeda30eca410c4e6 |
| SHA256 | 8a89d922b8f46995a43f9dc81af72256945071e1dad08c3015573788e22e3adc |
| SHA512 | 4b94956f004a9c2f9dc57a60fc3edc7f568d93357a4185f8293589b7e4e19c41ad975de0e63232b2ef660eb02f5707e104e3376d8176e0e68823f4e69de514ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 201e87138b91339af3528b9ac14e5df7 |
| SHA1 | b71689b578bcb14e52094e7a19970d0595fddfab |
| SHA256 | 1774595a763cbfc044bb11407f9c1a0cf60bfc5bef51a4cac1e8f2eb8cfdeacc |
| SHA512 | 709234640726bfb9aba4ff0eefcd1c485bb40405d5420422e67d44a6f3ec34079e68d9f0110be3c6f533e77959b2cc2b1e5a89a3826d7bb5b3c7e318f4719087 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 45dc4ec2bd6c6184120441363a0f3064 |
| SHA1 | 42469a2b09926f17dd026b7676ee3196b4876ff7 |
| SHA256 | 9ffa842f3704562e5b30635549b8c4eac87cd8f4234ba5861bfca69784054e4e |
| SHA512 | 07af5170fd97e0bd0a005788e769f95e7fb6058eb220f1e032cf54a15c02cff2234c655e4b1cc4d8ee8fcdc875cdc5ab4c7dcf14a6bd1c5bf5215d84c1fdf586 |
C:\Users\Admin\Downloads\Unconfirmed 721674.crdownload
| MD5 | 765ad8fe2f6128108d1accd0281c5ff9 |
| SHA1 | 45e69c40853fbbe796364210e84803cb19550c67 |
| SHA256 | 0779d5e9e8b5f86a7a81e0c7555b38cfc4a1a5fe31b290ddec066f9e04e6d345 |
| SHA512 | b0d1dd1829994f37d749dc01e28d8417e65521e098ed7e89815461061628b4777c3d85783771e9eed0332be79ee71ba4e18cc14d1decd86278512318a5d32386 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c7f83dd17b62cf576e71cc56496d757b |
| SHA1 | 678e8c6523cfe5a1923d8ed137d1fce7270334db |
| SHA256 | fcb4cde6cd9eab5cf3ee3f507fa13a66d753fe1d9d91556d1faf52656c427049 |
| SHA512 | 6615da11330ead99f3e55d3880e4889be54060efba6c2781b6a154cfbb93bf2bcca8fc81d24a6857b3fda97781ea7e3ba9d4afc962918f773f14d660a364ffff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7a119019483b05e74cf0861d05153e8a |
| SHA1 | d0087bb5d18c011752620e3f2a2d85bf2bcc9331 |
| SHA256 | 3a01f78f683b11dd3cc7ed0998b3b672d9dae2ef889c713d9d7f50db966ac7ae |
| SHA512 | 65a8aa1c303af20e9e853746c73c45c85f8f43a8bb5aa68e0fa00c2362cc7c4593d03892639216ec5c1262699f4865f3c4aaf7a74e79d812b5a9de09e3cd538b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5264c151a9058b9fce71153707e5b1e6 |
| SHA1 | fc1c0466ce719cf94d9238fc22e8ece149c4927c |
| SHA256 | 31a3b3617f0d6c9154255bcdda11aa02ca02c90622c6e7eb9c6ca0674cef44a3 |
| SHA512 | d2e700ec7672dcea8d5a1cc3fa49fcb1fd55b41b35493e8acdcbe6560b61626485e22f6689060073f086159335f6b0647c84e2163f561423800a318f19d55f98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 508ab22edd34bf27728dd9878c75443b |
| SHA1 | 527c91a9a31fabc3fe11ff8a982c2cfbc40a8320 |
| SHA256 | ebe7c3e8d9b1694b1070b4d98ea1a6eb203411f9b0eb62004908ae06cdbda00b |
| SHA512 | 1e7f78bafb6e739472aa349776c6dbb5545974cf26c78a0230dcd3f1c9d5bc9db96d7799767b3a218fdb52491925553344f1086c4327225ae43d11dd36f8d8bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7d8fc09e267d6191cb433cb5afc8ba13 |
| SHA1 | 8381a0889ea4313e6de58a532f2d2e2db04e627c |
| SHA256 | fe3c9d91b1603b0744766f655949f41ec9f4492b9fbaf061148d113118c5b775 |
| SHA512 | ab81ed145dda71d63476e9e83812caf6270cfc12297731a23485dbe4892dd497d2c21ed1319c40eb6208802aa2238a9a0b328541115396afcb9c42e62f9c5485 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | b2f574eeed34d6b6c451f68e5b4e8294 |
| SHA1 | 49b495c1b091afb1a32d0c2725dee8141a7d286d |
| SHA256 | 095351b226e8b0a4e8c4cbeff75465f3e8997dd782cb9da865146f8371ed0da8 |
| SHA512 | 82c952c2d719f6ec6f2835edfc9c80bc62657ed7691ecf40b478d1a79954e2d060d437af435b767f325a93be8b9dd3501ea99c8662fea24fb4710ec67459f3ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4907cb60-dee1-44a0-8a58-60e67936b6ff.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13356597260249702
| MD5 | 9b48c8dd56a1f380d4af2421720191f2 |
| SHA1 | 1dbf341403cafecc1bee9c50b6eabf2e4c6d999a |
| SHA256 | c4308006ca293a483276f6a3a5b6109cb2793b0fa55cbbbed1d991dd7802a653 |
| SHA512 | 589f962fb0711f8b14a4793f8b34a22d70862c8324beffa1687d72d435eff30d0b46b4d56527e72c7a6c3b088b9bd1822a9e8ad8b139fa25758e494bb6609159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 1c5ed3d08b6e756dec2aadd5d79e3413 |
| SHA1 | f0873225b08362968f5154d2123284e66b6702d7 |
| SHA256 | 4f8a3f14e76d8da4be9eb0dcc938eb4d61506ddd8a17f0df3c765c4e1f4235c2 |
| SHA512 | 9594b7e060956a4416616f499cc4c972ffa38cf65b5a63952ce9af0259223c36e8bd6a9ad721128f4423dbe1adeb3379be67b0c66075ade1a570dd227726670b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 0bb46dd2e3dc5e41a9ae4aca0b7df7e6 |
| SHA1 | 108f8cb1457a801f83bd051df0cf22d973b8a573 |
| SHA256 | 2cacf3aac3857483bef24e32469817c6b0ef3e347cf77a52764d3b41ca9254a4 |
| SHA512 | 345b6e420f4e1aed372cff76cc048d40c350d084f69c2a47d4f489081a6d740347b76509a2debc78cb70405afdbdcf470c155b01a5c493473a7a96950fd8423f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | e49453201449b943456a1a7aa22062b2 |
| SHA1 | 2137893c60fab0f929be8ccf2268e485b3d0b044 |
| SHA256 | eddd9db9881b5ba20e16de12aad383b905c764a22cae5761183ab8a5d15c7482 |
| SHA512 | cd90e51bf7b360f406af947d117e2958a38013b03278ef82e0471f6548cb5aec81911ba3c8bc37e84b4166663ec52edf67cf87f267f970a29cb1171bee4b4f40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 78fab866a14b24a5bdbbe6fc5af60f2e |
| SHA1 | c3ab6a0a74e5de45abcd01464b36aa97ea68cd9a |
| SHA256 | 52924064336ce50959a744e72fcd2eb696070f708d826807a068bb352f57d1b7 |
| SHA512 | 19dca01a955edfb36ac2ffa2d211b4cb6e3c0089233b52814be70a4648f6b11a8347a44818e08261cffb575b21c5eafacc99fd8667f0cf051f49f7e064a12ddd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 0382ce812cd05bf08384c160e87bb929 |
| SHA1 | c5796bf83df4fd806538eef3a7e9b521deb5cd37 |
| SHA256 | c4280f169b59f7a7fd12b49032d68508f8ebe2e4e69fde8da962a17380ec5d49 |
| SHA512 | 8de11df4441207c0a890278572575ce1fd56ad4b0d04056e1124c4589ddf1ba99ee4536616a77da51ba5b526ef5f3c890e7262fbe1312dae89b671739ea263df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | 7a2147828b7c7b870a96dc09cbc3cf0e |
| SHA1 | de2bcf7a8616570175a981c6aa4b7b2befade6ad |
| SHA256 | 780c9f9c05142d270ae3c971652b1ac1cae43a41283cacbf2f2ccca61ca8fa2b |
| SHA512 | 6659a394a54b97147d50abdca7debb83ebc317d3a676d4f7ce6994db8a44f0c10e27b0d7345f6e6876c0db23747ba46e07e99fefb1141e12fa9ae4766e9ce61c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | eb72c77a32b34a87c87163bfe6ead495 |
| SHA1 | fc4679c6b6eb6688e5f79df784ebefd981c46e42 |
| SHA256 | 3c34304ab088e210471d2902ac98676de2159eb419c7b86c5bbc805e2aa05a56 |
| SHA512 | 7a79b424a859bd6429e06bd5ab470845ce23b2098302f93c35bcbeb46262720194c1aa6b05b1f33b0677e509a47b9de660993b24bc3884fc2aa1d8d711bb61b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2310ccf4c124cb90b7b9319cdd82152a |
| SHA1 | 29cdc8b8865304b4f016e83a7b18fe02c4611774 |
| SHA256 | 1d2f37f4e5d39a98d6ee21a265941d4514f338333ff8281177a84ae513ad7416 |
| SHA512 | 50bd75bc521e6756ff08a59bd979ad35df60dffbfb0c6c6d315a149c2a391d5ede1a9c8806f8793fb3b9fb0999d2aff62c5235c92a7419f8bee40a56339fe23b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 10ad56c631e6e920ca504b1ff967632e |
| SHA1 | 302d2db8bd7c038ae19a6868efaec49701af1a12 |
| SHA256 | 00ee4ba54f9198c3949be4c2783ef856a1459ed70d62ef7f2e8363e698f7168c |
| SHA512 | e2f7788c74b6e8e001c64000fd7d23fe52a34ce783bb64b74e3b8caef22dc6b9991872884e13e84eb2cceaf3d40a9faa56b02ac6c98584bcd38e1d8104f15216 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3c4634bfabdbcdb50dc6603543a6f9c5 |
| SHA1 | 525a28e7eaa1e7d46e2ca90ff9b3eaa3aeef1a83 |
| SHA256 | 41012624017a157d7234a5c3df5b4d8dc4e10ea7ed27a896707631672918e6a9 |
| SHA512 | 87f1acfb885ac46f1ca3114481fb0502404ff7ec8de45c925da75a1196bc24ee42893f5023db0edbe909e156a398e28fbabaaeb1243d97c1ddfd30fcc35c9bd8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2472443e0c6d5fcf5a7874b6c6184bdd |
| SHA1 | 078d329d64562c377e84fc2c3e13436098e8ebd6 |
| SHA256 | c32754ae03e36d1a1b7e1ff3dd4cd9a12ab174a9e1226d0b96721c099714a5f9 |
| SHA512 | 7d7eba5055df541a84a05a3ec44576de568b17e300c75fef730ad30181f72888d710f9ab2c7a5aeb76a787efc903b43cc64112df987958e2ae2dcc1aab15f646 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e93fd035b09c5cf597da6a56c7c9b3db |
| SHA1 | e74db287b482c2c129e92cb90f11a96ae545133e |
| SHA256 | 2e228e338441951b9c3ceb5d8b8433559b35b59863aff8d6cc042518c0803c25 |
| SHA512 | 6adaec7eb44fd247a3908f45766121d64a8745e529e3cfedcbe806d892ef861939f7b0bd6e5b6d6bd2faf6128ba4789cace18f33eef6fd648c3db056ece2346f |
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar
| MD5 | 352c9d71fa5ab9e8771ce9e1937d88e9 |
| SHA1 | 7ef6ee09896dd5867cff056c58b889bb33706913 |
| SHA256 | 3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61 |
| SHA512 | 6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be94f1963e507bfe7ae51d521b882d64 |
| SHA1 | 2ab618bcb4796680e828e8dc777c11d13ee9891f |
| SHA256 | aff495e0ad37ca692a10865695e55d621f96f1617a0b63e20ab33e38efd77bfc |
| SHA512 | 3cf4f3e19b657c0ddb1299ab7b9202384cec1aa2e32e98c6d80c8d168867480ca9bece2f3cad712f2802acde1db499262c34adf868bd43c1872ba35639f6f7a0 |
C:\Users\Admin\AppData\Local\Temp\7zO4625498D\geometry dash auto speedhack.exe
| MD5 | 19dbec50735b5f2a72d4199c4e184960 |
| SHA1 | 6fed7732f7cb6f59743795b2ab154a3676f4c822 |
| SHA256 | a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d |
| SHA512 | aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d3a1790d01fb154c84a1f47808a61ff4 |
| SHA1 | 0a2ddabea78e73e16afc776015ed34e51589a9d7 |
| SHA256 | 8314b45c25347ec7377903221dab8d5e20d7cd91c12f1303acbe2898feab9ac4 |
| SHA512 | b31929155eec7ef8895de4c7fccfe8e0623cdf14bf824d822612aaf22030cae264bc17f8dbcecfda07c7445b1c634bc44ea5dbb35ded8202e016363034904086 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 772939caa8fdb2547cb3962daf1cb7ab |
| SHA1 | 2530b3ea548520e21e4a8aef09e51d8d8d487dc6 |
| SHA256 | e023f5dd0e15076ba57d422cbcc6e5d44928135746b65a55f4b69a1d1e888244 |
| SHA512 | e847c59bfc9ea802302c2a7fb23b2a97dfc083c50da6c0b82736e34423012f06b86f716403d50ac8c99c16b8bf68962812b6c3b88850dbbaa6683922fa9541bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8dc0d24ab27b4e7a5cec5c1be7588607 |
| SHA1 | 8b7465abcc09949e44aa441663a6097938c40395 |
| SHA256 | 470c07b77aedce8c073f14f784d31634f20cd6f03db39e6474f88e3d1951d61d |
| SHA512 | 171568caaf8223cc68e97e66446fa7b0c0c5113712af1d63f3da94db1c107c945dca797efe41236a4364775366f22ccce593847fc6bacfed6869e43e8aeeed13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 00a6aa55b83160975ce2d35996757c52 |
| SHA1 | 1a3d0ef47a865f522f2214339874e6562ed018c5 |
| SHA256 | 3dbc378b488fc5625ace9abd8e97288afd835e97a31b573fa6b2c3ab91905718 |
| SHA512 | ce144352d6cb471e80d1602e45cf01952126194dec00c1b24256ae24623a168983559e6b0a7800695d3428c9d2b653a84e687e0982e696a49c3e88a7208fa036 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 70ea604b095288d209fb2def427bb8c5 |
| SHA1 | c178b3dbc6e2a7b0b81b4b9b031a61b336635ce5 |
| SHA256 | 142e4fbb5b1e014f3ad830011dba404de289c949a33efe3700a29b59a30001ef |
| SHA512 | cabd1162eb54e791272387b2fa189324e956963e06278d926645f87fecdc8caa3e42354203ba403387289a03dc844e6e8d2c70f33491b8d5d5cf23a758e24ae3 |
memory/4836-2070-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2071-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2072-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2076-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2077-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2078-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2079-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2080-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2081-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
memory/4836-2082-0x000001E67FE30000-0x000001E67FE31000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zO8A1E1F5E\x
| MD5 | 214f98cb6a54654a4ca5c456f16aed0a |
| SHA1 | 2229090d2f6a1814ba648e5b5a5ae26389cba5a0 |
| SHA256 | 45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037 |
| SHA512 | 5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873 |
C:\Users\Admin\AppData\Local\Temp\7zO8A1E1F5E\z.zip
| MD5 | 63ee4412b95d7ad64c54b4ba673470a7 |
| SHA1 | 1cf423c6c2c6299e68e1927305a3057af9b3ce06 |
| SHA256 | 44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268 |
| SHA512 | 7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ffaf3545a429c1c656b2d70787dae9f8 |
| SHA1 | d854ce2352a674f703eef3452eff435e618fc1ce |
| SHA256 | ddc4551f4005ba7753a8652537bad5e18018ebe1ca0b0a0d9fd97b24196aef61 |
| SHA512 | 72d4147d4973e72aff2bd3b9945bf102ed82fb7a3c15b19fa23c051a7209f9f0992a7d63945b22306924ffcc9246b9506934b0ae5da1f0cfd71f95689325a243 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 897dd24868d51fa7dadc374ff7431641 |
| SHA1 | 1eef74093bbe4c64868025716d34780a8c4abd52 |
| SHA256 | 7609a147b34a5a84c26d9a39a9789a1bc5926482699026a4d25289bd399d18b5 |
| SHA512 | 22b85381941f64067033b2329d93436b440949490d9424372e8cf0eeee12cdc8322bbb7549c5b90c85fe107e6650131d1bfc8a139c418a5f8dbd462111bfbb04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | cda68ffa26095220a82ae0a7eaea5f57 |
| SHA1 | e892d887688790ddd8f0594607b539fc6baa9e40 |
| SHA256 | f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb |
| SHA512 | 84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3d0e3f6790675e2fb54b473b89dedaf8 |
| SHA1 | 249aa46ef332508f87215f05baba369e71edcab6 |
| SHA256 | af73da67b8ebf03583af76ce55052a660978160da8874f413f0e82f382c8bb88 |
| SHA512 | eb0af83e8e8811b6d84d4b1bd36c83881c88b87f2a3e67738557257cb6b73aaae2ea1d088ae9c4493f458cb37032efb68985df6eb6f7ca25977827bf44ffca73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 686ba96d662e43cd50158528a7aa038a |
| SHA1 | c366c3066d31e58cf4fa55510e56484597399a36 |
| SHA256 | 5460640b1074e95d411ecd787fde403f4f7735ca5f39c62ba8f98b3cd6f89b12 |
| SHA512 | 80998cd681fa40a63d4b4a401c01955075ba0c22ca4b3dc8bf47dc34c51cc6cf8e59a95f327480d80ae53e884059ed110e8e263d573f0cd711e14c8e0af32914 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c74fd7ca7ab3314ea94a923d22a806ef |
| SHA1 | f8760b118991b8bc2a5524dc85fa33e5a2895a6a |
| SHA256 | 28bfc17a3a82d4b9d3519a7f32f84092d4cdf2ff16031424d65f02ad6434fb54 |
| SHA512 | a77a29fc7ad23b32148641de7525d0c79ee801c78370f610c3ce02111597fbaf7cdc374605e06f47aa5fb3e54e93f6683bd55425115b7dbfdfc0e83db12e45a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1da5657a063a0993c795f5c954e6568f |
| SHA1 | 0694e2137883a7a8c0ff2450fd9c15818937263a |
| SHA256 | 2752fc9b4d30801d2a25e464e129b741d8b7e417e619e103526bfa8513c7114d |
| SHA512 | 7190ca063d262db1567aa659029ace713c2852014085061f1b3165089703ac186b8e1f0108f8539751a6a66363efe573844546121065c036cf1cdbc97cce2ba6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ecabf9e71738f7d2806884dc8f88f29 |
| SHA1 | be95498c4c4cda7c1fd1c2e1ab3f9de3b84d3ba3 |
| SHA256 | bb8a78bd0b36e967e5b028c884388e4b27964703735d296208f5a8cab5356ead |
| SHA512 | a803479cf5ee39dc3b5bddc5a6708dca9c282e54e319784b58634d82db70998335244fe5a39973c3b5873f828998476e7ec77cbd6473cb4aa8ec110ef211850d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a9e170fe2d633d6acb3b3ff32fded58 |
| SHA1 | 3019a8e84a31234d07cfe92618a39391c6fb5982 |
| SHA256 | 44ea105fb2b418cadd78020b74a5005cb91dc3bcc5b841399cc772a3fcf72c24 |
| SHA512 | 49292476ce40266d928a3bc9cb782cd9beaf20ab70b94abc013a79941823660eb95bf9119a67188db34ff1ed0f4a0bb0c8f00764b2bd437202cd26f698b10c45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\abcca923-44c3-4ed2-b78f-9a7197a9ee00.tmp
| MD5 | e6c11d9efbfbea564c679909af838a8f |
| SHA1 | 8e498b69cf392fd0f64f8eb92f16faef1c3afdec |
| SHA256 | 66925b4bf04e72ad21eb8a2f2f4d9aac7878ee0b8542736f21cd650a5f480633 |
| SHA512 | 87d0ff84da55ac0b012f32e3641ac4538f121e11f4b29c09d4e1469f420fe7df4107e4cdae6a02d13a9d10d9a0984d562896481ec61a571c9895c7ce0cd6c603 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d7f3303735c0baa4016eabcb589bb607 |
| SHA1 | 4fd3a7fee2d17f74edcf4461d6fc565d24db194d |
| SHA256 | 72464b8b0b02ef1c6685e62dd727f92575164f30da98495c27498f91c245f9ba |
| SHA512 | 325c6bdfcf511ab5c048e25ae868586a51619b375c8af48ffd6a30b346a8fba3b450fa04afcb9c80b6ea7a9f9748e1ac7df8219ed2456ee52253ff2632e0c42b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a5d539d9ee791da21b1edb542791d8e9 |
| SHA1 | 832d953e1a80828c661188e0d3610b3d0839dbeb |
| SHA256 | 6137900958288f6d2225ad1edeb6cc2803ddc7ed62c636e7418637bf3c6da55f |
| SHA512 | ebcf81d3cab4645c1bb2a7c63f4c1fdbb9a5b2830ff04fb1142a217db6503df7ca5d92bbcbc4dea422fabf49e4dba3fb99e347973e4f0fde3bd168d1acfaaf7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f98036c1dd5b89de58cf7b12fe58300b |
| SHA1 | d7a96808bf9836a862584a54d33e423c5ed5043f |
| SHA256 | 3c70729e3d6454a41ed656fa71f6076f152f3d617ec9f3f79d4d7fe8e7148cc0 |
| SHA512 | 7d86d69d116baf2e6161545a10de4011f493fd9c9ea6edd47856c57e43f7e5d0b4af12139cc09962f4c3e1127979e62daeb9250238e3ad792f43b87bfea55d68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5d6b207557883a7de95e3d355bba6c26 |
| SHA1 | aec97eaaa8c8290a28a53de314e0bac758ac1bf9 |
| SHA256 | 2f1ed32b909a8b3f3e2f3110ba14f2689d5e3f9beb0b93155ba67c0d3c73c292 |
| SHA512 | 64ac1dda1f0f8353d33caf53e007b9287cb440b28d908833195211532e75da5762333d3b10e46d4c2241e5ff2de134cc23f5a0abfef9e08b47af8f2ef872cd39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f2a74c564be628bf473c06d07294afe8 |
| SHA1 | 3bbc237cca81053cafbc1a1ae5bd0c0f1df5048f |
| SHA256 | 2b02351e71633dbfe0f0d0ad65302701a20554c5e3472be44c520afe5d4529e9 |
| SHA512 | 52509ddf65908f33b0805b36aebaeb451a3fd9ad555cafde1c3c82ddd8f935f339aa1686dc0e138bb8e8598d8f4a5d19697cf59b8cfd7b2cf45a368bd5e90317 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | ab6ab31fbc80601ffb8ed2de18f4e3d3 |
| SHA1 | 983df2e897edf98f32988ea814e1b97adfc01a01 |
| SHA256 | eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8 |
| SHA512 | 41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | abe7c459e9179e6c79a17307ffcf9f09 |
| SHA1 | 5f141ecc2f381b05c0aeac018eaa7fce6f3dfa29 |
| SHA256 | b083d17862f044bf20e189807e1ccdd787928e0ebbe441e336752ef6dc1672f7 |
| SHA512 | f51a80429683ea99afbf4e7b9520738e4bd4213be21fe8fba2755a420b2adce5a66980bdd11c15f9f0b05ee5df16e60012114b5f85f53d0e9896c36106bc5e75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef18f9b4aca3286f2046f907faa1c436 |
| SHA1 | 2720e72cc404138b4482ed2b76d556189e02eaee |
| SHA256 | f160ba41023b8a3d10438ca515f71d8e1246b6a3e759597b02f6ec8cd34147e6 |
| SHA512 | dc89a69e7c908b00fda71577b32cb3a9c834d927d1e47da0408d75577d46783785ce9c1171953e1218d7a1c5813e36ac7228357f538cf9ad28ccc3db064445eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 88434ae40cfe76ae0610f5a0bed091d9 |
| SHA1 | 1595817b82628988385c8e9870dc8b5d2b8d74dd |
| SHA256 | 77fe1620f3254638378151ee3c273cd983bb6dc232562cabfeffbbd82fea3915 |
| SHA512 | dec461025da61ed18fd237daa19fda5e4cc98ccba567b21d11cc33782315cf755b41af2adfdcea82ae9977205176239be2e6e8c3083b89e18a55aa595089c201 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 0e3178002d3f5988599f3661d8c4c255 |
| SHA1 | 207fea63e6e7313590d231da992cc4b6e75217d4 |
| SHA256 | d544945e682810e43f8406a01ad464b7e1974e11e6fb046710ec0cf69e17f3c0 |
| SHA512 | 721de5479b0f82c205643f7542e8e96806b49dd4fdfe73f4753cd2280c9149f1a2b3bbe51c56de1943410f68fc1bb811f4434758c2f3fe9f9987d916c436d9e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b52c91e45a3c339230890343b82acc5b |
| SHA1 | bdcc469ba0ea79cbde2265ee615f243135359968 |
| SHA256 | 42932f2f77872d350d36f1cd1a8f7e3e4bb73c17edea6a02f7c5ad3303c5bf6f |
| SHA512 | 2c399bccc1e2e7ae782c394fb7ec06c5f4c42ddf72719cf34e9b2f39c139ec8815a505007738ac96b8ed45eae7e7a553bc429d8e891a4b8d1ce4176b86112fce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 58494a9ed0585706d0f3f6b2c269cef5 |
| SHA1 | da37ab62b856eeff9a63a409bd2664222c3eeca5 |
| SHA256 | 2653660a5c7fab3f372527a6e4ba42969b2d10e9be6ae531ebd719107fd5e3b0 |
| SHA512 | eb03b0783b295ad2376c99cfc15fa42771778069a347f4e0434bc2dc157b2f2af58f2320722f666a5564573d0690be1b6b39c111f371f7f4b742c365da591246 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 22a6a98671fb7a68f63e880c5327fe37 |
| SHA1 | 9768ee62118a44319ea9209898d7db4e6a30b1a1 |
| SHA256 | 4bff041e80ca57a2fdb9b4c6175a2a55eebf6d87433b7e319039a191230e076a |
| SHA512 | 85bae1456790f6a970607cd3e0beee654dd5eefb982b35da7a359839474339e07e928221ccf2bdf7d798729fb9d1b6de9cb7e0cabd9e18292278b23ec2b14c04 |
memory/1220-2682-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
memory/1220-2684-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
memory/1220-2683-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
memory/1220-2686-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
memory/1220-2687-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
memory/1220-2688-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
memory/1220-2689-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
memory/1220-2690-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
memory/1220-2691-0x000001FA680D0000-0x000001FA680D1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 05:50
Reported
2024-04-03 06:01
Platform
win11-20240221-en
Max time kernel
651s
Max time network
630s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 768 created 2936 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | C:\Windows\system32\sihost.exe |
| PID 3308 created 2936 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | C:\Windows\system32\sihost.exe |
| PID 2996 created 2936 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | C:\Windows\system32\sihost.exe |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO48596EC0\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO4855D931\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO485F2E11\Setup.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1856 set thread context of 768 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO48596EC0\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1672 set thread context of 3308 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO4855D931\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1476 set thread context of 2996 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO485F2E11\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Program crash
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133565970673021080" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Ch3@t_Hub_New.rar:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO48596EC0\Setup.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO4855D931\Setup.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO485F2E11\Setup.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file_premium/6h9hyxbf0k8pkgo/Ch3%2540t_Hub_New.rar/file
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffebe29758,0x7fffebe29768,0x7fffebe29778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5540 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1824,i,4226559607509073340,15190512408271524961,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Ch3@t_Hub_New.rar"
C:\Users\Admin\AppData\Local\Temp\7zO48596EC0\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zO48596EC0\Setup.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1856 -ip 1856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 1008
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 768 -ip 768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 768 -ip 768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 516
C:\Users\Admin\AppData\Local\Temp\7zO4855D931\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4855D931\Setup.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1672 -ip 1672
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 988
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3308 -ip 3308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 520
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3308 -ip 3308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 516
C:\Users\Admin\AppData\Local\Temp\7zO485F2E11\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zO485F2E11\Setup.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1020
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2996 -ip 2996
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 520
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2996 -ip 2996
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 524
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 199.91.155.106:443 | download2365.mediafire.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 52.111.243.29:443 | tcp |
Files
\??\pipe\crashpad_3980_JUMOFDMRAKDIQUJN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7f2122b9f98223dd16b8e45bf511d396 |
| SHA1 | 9f18029a2fc217682f51915544b508b82f3d11cc |
| SHA256 | b8da25736f586d449dd6fbdd2e4f1a1b6c8c6d4383b04f2f576db917ca654209 |
| SHA512 | 514a00c2108017c7980c7a92dd4bfd1c9c0b67cb4139e08925d93d08203cb903e05ba0a065198cef71818dddc69d67efbe4b7f8cd7549dfb100908b28bb4e754 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 090cb22ac97e5db52e5aecc9d65fd973 |
| SHA1 | 4685a919491f4714eda05668388764f2529d7e1c |
| SHA256 | 084dfa3b4f86641fccb3703dfe6411f0ee5ef4c9d6b457d54bb8de49c32d7866 |
| SHA512 | a6fb98e0f979b615b39a387fcf6bd4ba42d54d77c269884346c8d43a9609a88325c34395f1e8b1586518efa700c023fa1f774d0a85e78c4c5f1f28b26c390391 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 05850e20df4ff5cc9efe49d11b13a8b8 |
| SHA1 | 0a9fb2967cf88f939c52fd7cafcac7a0b7fd592e |
| SHA256 | f2e2fabeb9b2e7b65aac23720f0c7e23cd44378386d66d5175a0bab82c6198ca |
| SHA512 | ef242f9e2fa21f3bf09ddf907f71f5377a9f3089c6004d4f2d6c2262988cc82a2a46e0f6dace4aab509a2dcef66c4b9ce71232a62649f8e3ee9de5a09f81e5c1 |
C:\Users\Admin\Downloads\Ch3@t_Hub_New.rar:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c9c1dd34c80b511e9dc16b96211b2366 |
| SHA1 | 100fb255013bbd935b8eeeac04e93d57938140a0 |
| SHA256 | d7569bb2eb44b17d771fb02679aa4a084ce6709a4032ec257acd8d964b59582d |
| SHA512 | 857574fa0bf7555b8948a6f009954c884b32a9b41c69e41ca4a830baca2312fedb2daf6f0475e834f45b25fef9beb206e457d714564f4f6f4822dbe07bf12925 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ca6a22ff326d5eae006f5e8f3f601ed3 |
| SHA1 | 740ddcf1158c9fe4f97aa188b767b62b5dc178a6 |
| SHA256 | d104876610960b5d2b0fb81e94a416e6956ffdb3dd266be7bc00025293ee7ae6 |
| SHA512 | 302a761ffc702f3252390dc85fed50babefb50640676f05b8ca82cf52024b8ae2a00e5c2a099fdd86071439d06a401d744e61d03bd0684ac9fed3686a7555749 |
C:\Users\Admin\Downloads\Ch3@t_Hub_New.rar
| MD5 | 6e82d8d3de3d6b07aad4de0c9ebec675 |
| SHA1 | fcdde25dfb0a0b13f7501271c640244d0c1f8b21 |
| SHA256 | b1cd278881261096529c02bcd5cb72caadd75433d0d73e07a94303597d40dd4a |
| SHA512 | 0c14a1bd600d7f1e82c187e79ebe3ae9f4be4cb2418219f785d30d89a71cd3c4459dc6294af840177551245db741ab311d2c2df6343e3fecc20788cceee4e989 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 040199fb507bb4f6dde27f8125cb904a |
| SHA1 | ecb2de7935d3ae338fa68c63e0e5fb6d6e756e27 |
| SHA256 | a759fd6ff1fa5127b8a44d58f7eb3efe3e451fd50b01a6d0be3afcc4d05bad64 |
| SHA512 | 646a128e035e8676f0244114c89debea15edd296eed3ebf8a89fe9b4d8e08fc049976cc8170989d44e90ffaf72530fb5bcbbc7f6fbaca035502144fcc4c4b746 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe60dde1.TMP
| MD5 | 1fc75115ca6c652c1e38b8c9552eb36f |
| SHA1 | 5ac2a785dac504a47cb4a4026820c4ba1351cf5a |
| SHA256 | 7a560bc6de925a78b136fd7a0149d898d29c49ee15a95994dd841fdcc26fbb96 |
| SHA512 | 251936b3ba05c9781db7be41f68fd0decf3fb81235a66a7d033f952abd455a92c9b5975a3cc7e4f7a629bf8e2286f904956d45f2ee670899844aeea3e93bae1e |
C:\Users\Admin\AppData\Local\Temp\7zO48596EC0\Setup.exe:Zone.Identifier
| MD5 | 87e5d0f480797f40a0ce5ab2245eb8db |
| SHA1 | 4cb4218f737c723fbcc28469552d42db1795d494 |
| SHA256 | e31ad31c1096f6f3340fbc1099c981b13d9a3b952c330c178952060110669726 |
| SHA512 | c6639cb8f39f7a4c1fe3ac8f057f9251d4048dc51813370583af0da0b9a84842e15bb7c3d5991140ad589b96ddc93fab9ba29aeb525265680a21939ef0d248d5 |
C:\Users\Admin\AppData\Local\Temp\7zO48596EC0\Setup.exe
| MD5 | 1cf11de39d55d71e8c978a3e5e96e9b4 |
| SHA1 | 7e6a66d170b31db3699cc37082576d011680bdec |
| SHA256 | 8e735b709c11669e871dff87b16898292b71d95e40040b9a3bbd9fa3a57c39e9 |
| SHA512 | b1dec16ccbee6da03bb7279af4449d143e973675da5c241f5141444129914f31f82facec38b5c2a7f5f36612ee13616b4c33d369ba95333be4777bc1e2204340 |
memory/1856-131-0x00000000000A0000-0x0000000000104000-memory.dmp
memory/1856-132-0x00000000742A0000-0x0000000074A51000-memory.dmp
memory/768-135-0x0000000000400000-0x000000000046D000-memory.dmp
memory/1856-139-0x0000000002580000-0x0000000004580000-memory.dmp
memory/768-138-0x0000000000400000-0x000000000046D000-memory.dmp
memory/768-140-0x0000000000400000-0x000000000046D000-memory.dmp
memory/1856-141-0x00000000742A0000-0x0000000074A51000-memory.dmp
memory/768-142-0x0000000003A80000-0x0000000003E80000-memory.dmp
memory/768-144-0x0000000003A80000-0x0000000003E80000-memory.dmp
memory/768-145-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/768-146-0x0000000003A80000-0x0000000003E80000-memory.dmp
memory/768-148-0x0000000076350000-0x00000000765A2000-memory.dmp
memory/780-149-0x0000000000450000-0x0000000000459000-memory.dmp
memory/780-151-0x0000000002180000-0x0000000002580000-memory.dmp
memory/780-152-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/780-157-0x0000000076350000-0x00000000765A2000-memory.dmp
memory/780-156-0x0000000002180000-0x0000000002580000-memory.dmp
memory/780-153-0x0000000002180000-0x0000000002580000-memory.dmp
memory/768-158-0x0000000003A80000-0x0000000003E80000-memory.dmp
memory/780-159-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/780-160-0x0000000002180000-0x0000000002580000-memory.dmp
memory/1672-183-0x00000000742A0000-0x0000000074A51000-memory.dmp
memory/1672-189-0x00000000026B0000-0x00000000046B0000-memory.dmp
memory/1672-190-0x00000000742A0000-0x0000000074A51000-memory.dmp
memory/3308-193-0x00000000037C0000-0x0000000003BC0000-memory.dmp
memory/3308-192-0x00000000037C0000-0x0000000003BC0000-memory.dmp
memory/3308-194-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/3308-196-0x00000000037C0000-0x0000000003BC0000-memory.dmp
memory/3308-197-0x0000000076350000-0x00000000765A2000-memory.dmp
memory/572-201-0x0000000002310000-0x0000000002710000-memory.dmp
memory/572-203-0x0000000002310000-0x0000000002710000-memory.dmp
memory/572-202-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/572-206-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/572-205-0x0000000076350000-0x00000000765A2000-memory.dmp
memory/3308-207-0x00000000037C0000-0x0000000003BC0000-memory.dmp
memory/572-208-0x0000000002310000-0x0000000002710000-memory.dmp
memory/572-209-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/1476-232-0x00000000742A0000-0x0000000074A51000-memory.dmp
memory/1476-238-0x0000000002AF0000-0x0000000004AF0000-memory.dmp
memory/1476-239-0x00000000742A0000-0x0000000074A51000-memory.dmp
memory/2996-242-0x0000000004270000-0x0000000004670000-memory.dmp
memory/2996-243-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/2996-246-0x0000000076350000-0x00000000765A2000-memory.dmp
memory/1340-249-0x0000000002180000-0x0000000002580000-memory.dmp
memory/1340-250-0x0000000002180000-0x0000000002580000-memory.dmp
memory/2996-245-0x0000000004270000-0x0000000004670000-memory.dmp
memory/1340-251-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/1340-252-0x0000000002180000-0x0000000002580000-memory.dmp
memory/1340-254-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp
memory/1340-255-0x0000000076350000-0x00000000765A2000-memory.dmp
memory/2996-256-0x0000000004270000-0x0000000004670000-memory.dmp
memory/1340-257-0x0000000002180000-0x0000000002580000-memory.dmp
memory/1340-258-0x00007FFFFAA00000-0x00007FFFFAC09000-memory.dmp