Analysis Overview
Threat Level: Known bad
The file https://www.youtube.com/watch?v=s86Ah3TFqO0&lc=UgxqJr11GcrC6PbNAOV4AaABAg was found to be: Known bad.
Malicious Activity Summary
DcRat
Process spawned unexpected child process
Modifies WinLogon for persistence
DCRat payload
Command and Scripting Interpreter: PowerShell
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
NTFS ADS
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 05:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 05:51
Reported
2024-06-19 05:55
Platform
win11-20240611-en
Max time kernel
214s
Max time network
215s
Command Line
Signatures
DcRat
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Windows\\AppReadiness\\identity_helper.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Windows\\AppReadiness\\identity_helper.exe\", \"C:\\Recovery\\WindowsRE\\SppExtComObj.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Windows\\AppReadiness\\identity_helper.exe\", \"C:\\Recovery\\WindowsRE\\SppExtComObj.exe\", \"C:\\Users\\All Users\\Desktop\\msedge.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Run\SppExtComObj = "\"C:\\Recovery\\WindowsRE\\SppExtComObj.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SppExtComObj = "\"C:\\Recovery\\WindowsRE\\SppExtComObj.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Run\msedge = "\"C:\\Users\\All Users\\Desktop\\msedge.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msedge = "\"C:\\Users\\All Users\\Desktop\\msedge.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Run\identity_helper = "\"C:\\Windows\\AppReadiness\\identity_helper.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\identity_helper = "\"C:\\Windows\\AppReadiness\\identity_helper.exe\"" | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\RuntimeBroker.exe | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| File created | C:\Windows\AppReadiness\identity_helper.exe | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| File opened for modification | C:\Windows\AppReadiness\identity_helper.exe | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
| File created | C:\Windows\AppReadiness\1c7346099e1d63 | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Cheat.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings | C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\gamesense crack by Zodak.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\AppReadiness\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=s86Ah3TFqO0&lc=UgxqJr11GcrC6PbNAOV4AaABAg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc30143cb8,0x7ffc30143cc8,0x7ffc30143cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5128 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004CC
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\gamesense crack by Zodak.rar"
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Users\Admin\Desktop\gamesense.exe
"C:\Users\Admin\Desktop\gamesense.exe"
C:\Users\Admin\AppData\Local\Temp\gamesense.exe
"C:\Users\Admin\AppData\Local\Temp\gamesense.exe"
C:\Users\Admin\AppData\Local\Temp\Cheat.exe
"C:\Users\Admin\AppData\Local\Temp\Cheat.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Surrogateprovidercomponentsessionmonitor\fwEx1nOnvkg59k8ditiCSLvZ.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Surrogateprovidercomponentsessionmonitor\8dC7dWURSvVb5jH3vbVWqYn.bat" "
C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe
"C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "identity_helperi" /sc MINUTE /mo 14 /tr "'C:\Windows\AppReadiness\identity_helper.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "identity_helper" /sc ONLOGON /tr "'C:\Windows\AppReadiness\identity_helper.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "identity_helperi" /sc MINUTE /mo 5 /tr "'C:\Windows\AppReadiness\identity_helper.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "SppExtComObjS" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\SppExtComObj.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "SppExtComObj" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\SppExtComObj.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "SppExtComObjS" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\SppExtComObj.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 10 /tr "'C:\Users\All Users\Desktop\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Users\All Users\Desktop\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 13 /tr "'C:\Users\All Users\Desktop\msedge.exe'" /rl HIGHEST /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\AppReadiness\identity_helper.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\SppExtComObj.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\Desktop\msedge.exe'
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Русский Manual.txt
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TxzBVPDJKX.bat"
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Windows\AppReadiness\identity_helper.exe
"C:\Windows\AppReadiness\identity_helper.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,10733165766145013014,15155118774781077952,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4800 /prefetch:2
C:\Users\Public\Desktop\msedge.exe
"C:\Users\Public\Desktop\msedge.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
Network
Files
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4ee4247ec4a940d649eb49bca67bb534 |
| SHA1 | d594f33a0e2bc44b9931539088540d9e79709a8d |
| SHA256 | d12642032fd3276c1d65d2a3dbe5b40e1a958516fea6359d977ed1fc1496fa8c |
| SHA512 | d4c917bb034810a7d181a0b8305b9a5ed7da42043ea86f86a3e90eaf277bc9357d41ac9a41661b26ddf11558e6f3c9924e2335dcc888c8db546ada4bdfd2e9d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7511e48222cbef0baa990bbf96211398 |
| SHA1 | aaab9cf5061c0d51eabb464eca6ba749b3f82520 |
| SHA256 | 418b70b456bd59f93da8e7263961f0d98a26c4443e741060125e2a8e3af362df |
| SHA512 | d43eaaa8f852ac239fc68b7e15fc5365f49dcdaf9c9a0e2bae9f594596f4eb20653e1992326a76a59c8ef87790f538b406c7068f1886db4fe74223c5e4e54995 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7158ff4ae001077bf75f969642178648 |
| SHA1 | f4d7a48464d581ebd2bbb85d00c48ee2e36541b6 |
| SHA256 | af57e4c7e787150a46df9c6975f57a8e0e8d6160e8b602daa801382d79ccbb3e |
| SHA512 | d5e2e7053fd9819828e2ad25e623fe93fa7f0cd8602c91bcbff66dc5a28ae8431852f7fb5aacf5852eca0a397b173b6fb854e8e55d24713093d2e297ab59a6c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | a6b7032b73481036ea61cd30e523c833 |
| SHA1 | 775b0d5ce950434d0fb4bf65747691376db91510 |
| SHA256 | 97c419f8cde56ee053ae721766d13f0d997f30a16e969ec838c7e0a243f3d8be |
| SHA512 | 23f87e252a4182e166f43189a8079cdee6dfa2f06608ffa0e40129d575343021adecb2f7512c074a946a79f4dd0826581582f4630f436c37022be384c5edfa83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 35db687e85bbdc5b8f8faeecfdabc3f9 |
| SHA1 | 127e816263cff2d1476093e0d0bf768f9d4d68c7 |
| SHA256 | 02ad26cf251dd2b180b12ac33cef1b3252e6bdca155bcf1e838874fa24c948ad |
| SHA512 | 160bd1549861846ae28f381bc0baaa165c8e2fa9a3679296d98952cade62dea2ec623f304f9cbd41fd7a389292244890c10e6f51a4e6b76e7eae2da9fd20c7f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588cda.TMP
| MD5 | 0aee6ba2c5fa7b461072b1848de28ed5 |
| SHA1 | 06dd7b3ebbb986c66632e2dfb3c94ef53301f957 |
| SHA256 | 6b01b4c331b48d514f78a2081287a8f1c57c442b9417a24b35e5791c0f841b42 |
| SHA512 | 070cc71fb69fd26a0785a40856210258e496cae0f7eb9d4875296c0ea9a2f2d90e4cc2b49e6921c270facdb5710d410e01bd5d1c307fdb57160b2e09e9d6f007 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9ba6acb7-474f-4db9-8510-53f5c1c946eb\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2f2514c44783aa0c7d6ccb801ab8cdd3 |
| SHA1 | c1ea8587dc0a6046157d1a106a90bae2f39f7a98 |
| SHA256 | d8329c3f69e29a3320bc958811dd7915f68a90437473049616fbc05c2921eb98 |
| SHA512 | e4be466b9b927115eb0c4e0821f4c3938a93e4a318227e036e0424b1ad03210d16bb63f1a5fca0545c97aa8cdd3d9adb4f554147394f371decebbccb41f35c00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 3a6e7ee4253c1924ba1fe03769ad669e |
| SHA1 | a3f3ca7df012d3ff157e20f871ab15c86e02df4a |
| SHA256 | 0b937499258f2daf197c1e397b727256eb95c0be9e08945319c21a1436972d2b |
| SHA512 | 26a5f73c3d2bfe040f05347c986c2b0d665b5e0eed36f0589b561ecca08315441d2783df278d77ff4e4e1629c0cd8a511aa029cf7f08972cfec29d16efeccea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dd95c665-d3ad-4e83-9ff2-ed6a579a060e\index-dir\the-real-index~RFe589bbe.TMP
| MD5 | a3684cc7f3f76531ef3e202dc711378a |
| SHA1 | 6acb8a530d6df874ea65c271fec0b61e0bdcb51b |
| SHA256 | 335778bb10432385b4df4d51545d776379ca30086c76aa4413cf9628a1bfe245 |
| SHA512 | b7cb505a36266157abda2ce961367727a7552283ace010d2d5fa265f36ca6d5e74bbe9e8715c72c2170a9ccc0d7770be509b8b02f809c0d1030fb2a4851d9f6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dd95c665-d3ad-4e83-9ff2-ed6a579a060e\index-dir\the-real-index
| MD5 | a3a94b4f83a651c734c9061db53f0a65 |
| SHA1 | 2184dbf093aa4738a12d2b07bac69fdf4bd0d67b |
| SHA256 | de231770213471208f6f55468cb57a19539be289f8eb6d0c8f51f3a04f0b89f9 |
| SHA512 | 683e1d2587d9eb006330fb282ce0379934bdf40992b3c75e81efb246ed9761711771636af7b49fd900d354a9b1202a8954914d8b29c5062f89fdbda8655ab1ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cc66b9231575521cf5f45edc5c6bebbc |
| SHA1 | c9774f604b513d19ece4a6630ac1a24bd6e7d5eb |
| SHA256 | 516fcc631b485fb9b9bc2b88358fe5f22131238a0301c8b3df00303c34b945b6 |
| SHA512 | 2ba634f7669bb569ad4ac5a987d1c375e8967beeaea2443a28fb180016e448e4698732ac51ce44c0b5dbb63cf159b9080750b3a5b0c87fd0534adb3132d030e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a6ab.TMP
| MD5 | 35fab3f6675ca2205df7aa8bfab06965 |
| SHA1 | 7ba4f7926dac087e0a049908c2fa86b0767b614a |
| SHA256 | 775a6643545022ca06e260ab9ff06236a7720a81c638d629cf1ca1fd38d122eb |
| SHA512 | cba924529f67024614d9cf68169d9e22b1a3d481fedeb0ea6af69d04a201bb7907d5a249d38ff99ad5a6c33be0a2b771149fbfa06286f139f80b3d881064c1fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 104a5c6dd94e1779ab9224377eea2541 |
| SHA1 | 8be80e991acbf0161a67611ae4baf8d9cc155ea0 |
| SHA256 | 9bec651786e27e3000b1e9cd8932d5649e17f35c4f277297d98401217cf2a5e8 |
| SHA512 | 56f13f398925a018f144c87bda1b3883e0327caffc73b0c03b6b2511457b2d1bbdc3aa90ea058ec35ac11e77c3a000fdf835465717abcfb5b238d6c432a36329 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 97ad0b8634b6564f71b76098b702611b |
| SHA1 | c29ea74a4564b5a73ec0001973c81a61851a1c68 |
| SHA256 | c9c750c011d73fcc086d165c9f1020de2bb4e8f0c02cc0b84e40c77ec3f22f3f |
| SHA512 | 164a1c30730e4a32ce9f3047e4e662cf09ed7d3e737841df4118f1d07128df7e6fabccb61ff3694d8deda34c8cbb0ad1d5da07ef1a0949c47c807cbd2b41c1e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\417736dd-d942-49ae-9ca3-43aa77518c0f\index-dir\the-real-index~RFe58caae.TMP
| MD5 | f9026a13b97e57aab9d48aee16fa0990 |
| SHA1 | 7bf3c80e04378899102f7b75cd4ba52319948d59 |
| SHA256 | f507e4c16310e90030ad3c15778dcbf2a64fd1fc2982f34bde234ae8f0e117a6 |
| SHA512 | 552e0a9f4cd290eb1b570ed82a7006353e6a5d105b64f4b4c928f0e62fba7b0b7a6162225fdbbdfff6badce3e603cfaf19cbc21afd940442510514555a553d9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\417736dd-d942-49ae-9ca3-43aa77518c0f\index-dir\the-real-index
| MD5 | e6dc374c0ec1a320db9a3720e4eb0f09 |
| SHA1 | dfa32fb43eead820552835932e04bc4883becc38 |
| SHA256 | d0baa24d78d5fb454c5acc0ec1d8603066fe07c9fa6eba08f68e407bfd94e9b4 |
| SHA512 | b7b6ae575d2bfadb476c0f3405e3e740e30312384febde31ad2ac46aa966505d505c30ec017f37da5ea8146824ca87fbfa940c41e90cbad42f0978385f9efd2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d8d95f58fe423bb91ba9e2ac9f7341f6 |
| SHA1 | a752211bd058b041cbb2ad98e411f45d31577ff0 |
| SHA256 | 94b5a44430d41229c8aa484ca741904580effd649eb360313e22d270fcca2692 |
| SHA512 | 2eb6628a8bf04205481b6c138f00be96dcdde24ca6e0d6e31dd5b6f9560e643b268d19c468762e551ce3fb003510d31b6e2561658a8ebefdd47601b27c1fb24f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b4669e003115d3d1d7ca0533a7da5d04 |
| SHA1 | b0c9c7e72d9069382d34c5f76cea09808d87a42a |
| SHA256 | 2b7b580bcb8b811814e3039d6e9a7dfc269a87a16c4f7b1bb5b134597536b207 |
| SHA512 | a3cf5ff58140919ffc1d399155ccfcdd6d341d5ddb2594d9c80ad172be0023b8e6e6d1f7a2706ccb087498f3ad3839800a38b7ee62a2b9bd27ab3bf107ba03fe |
C:\Users\Admin\Downloads\gamesense crack by Zodak.rar
| MD5 | c67382f4fdd3ef483864a1ef1bc9f6de |
| SHA1 | fa6852f6f15570f8d79ee8ea552229211263771a |
| SHA256 | d1fb67f27c1026570ab246e1811ab5ea056102aca8aa02626b9bbdf3b19e94d5 |
| SHA512 | bc23ed9d6a57f49eab55683cc75e500859eb6820aa9f631218a14a0601abe494449f149ab6f72bc7036f3db1eeee06794f65f502bf9b61739af7619b4d2d15b4 |
C:\Users\Admin\Downloads\gamesense crack by Zodak.rar:Zone.Identifier
| MD5 | 42a1efe22bda1b85a69dd5f05134fe6d |
| SHA1 | 9fb918706b02e08b5e31c75f9d47814ee99f16af |
| SHA256 | 391ff6ec5c367b0686a656bd85bcabadbc0aa693284fe32f32c503ce8419b7d8 |
| SHA512 | 709a9a3d56fd5e7bcaad91c7c28073c03d220b6739bd85f1548d04cd0c91de9fa046027a94ad8cbf4ced37f1ef0655778a95f99305551950f185e0b9a7c6038e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c3cdea7048a57fb38bfdf1149d4fac23 |
| SHA1 | 587b3703ee00da73c2729e5536d1bed8a57f4a75 |
| SHA256 | d0c084507259e6fc5b568248a7ac2cc18f1c0e4fda367cbabcde8e388d08a442 |
| SHA512 | 417dfb051cb5454871a60e859319baed0a30a56fa5765da75b1e5be1a2b092f5ad04e3c9f964d271e5dc5ca34d54f187e74e65744a7feeb551d01f1fc64bbfac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a3100ecb005d3ba4002dbb3aadfcfe0c |
| SHA1 | 554ccd5b695c0e8f02a40e69e0d6bf46a485132f |
| SHA256 | 8e84c9a993d1b38c18c0e27de7c46a046f3375d3875209562b263ed60f572ad4 |
| SHA512 | 38752c0e775d414b476ed3847704b7a78dc08c8054b8b936c272b045797be3fabc861f24f667655f8149fc749bcbdfe7bfbc729214bc66e3fa5dcdba753e9db9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 933bf4f111f28875876d0b50316b1d6d |
| SHA1 | 87574f7dc4e1bf59b41a2c721a6415ea44912cdf |
| SHA256 | 69c1a133219742a76d90122c252cdab885c8ad8da5828409e11ebad13315e1d6 |
| SHA512 | 9f9caae69fb99f2b6ae11084bd251c77276719e667c330330f573209d68feadc59bb886dee08ea2f63f53774b1ff0b129d9f19bee9fda1758760ed62f6bf5e86 |
C:\Users\Admin\Desktop\gamesense.exe
| MD5 | 323789d025dacb3271560ec6828f3599 |
| SHA1 | 45d8f4e2e6fbc2208d0b7504312278cd9906a6ad |
| SHA256 | 91b6898be40df462f6fa6ec29737e95c8d0186db9a002900e258d454f2245caf |
| SHA512 | 268466bd8c57e9a68cbd4cdc6991985384f438e531a913078ff9c0c1ebbbb23e335987ffd1f6085f2e1b624b6a2f9105e29990db6ad2791bab0a57cb43798d9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2b6f5549b5b1e2eefad7b352097ca2ec |
| SHA1 | d0755e2cbbc52610db2420f1f61c6e84108847ef |
| SHA256 | 775fe45590ec19aaf9d0a5bae76bf742c51e9b665ecec2c365f1b33e85032bb4 |
| SHA512 | a9eba23ff4b7530a741dab72a30e822bfe989c1e9a9d3449221ea6fedcb11a06e70e4839db2e32be6606b20b0be94a01c8dd94f4017c9277913be0500ad66597 |
C:\Users\Admin\AppData\Local\Temp\gamesense.exe
| MD5 | 87ced90d1ad4e72a9def424f60f18c27 |
| SHA1 | 9327a6ec09d704d1d69ebb40a73299e1385b8090 |
| SHA256 | 4f8b135158323aaee7cb5fef4b2909b8eafb1ff54820444be8f20425bb6b90f0 |
| SHA512 | 7f39eb3b546042d457274564697e2a10efc1f66eaa23932945f7beaeff46eff48e1f372d6f5484fa6f639c39bcba0a023780ee83f06af777942aca4bdc1eb5c9 |
C:\Users\Admin\AppData\Local\Temp\Cheat.exe
| MD5 | d5408d1092441ed52a431df47c047975 |
| SHA1 | 060d1a490b34f40a9c153688bb88c5f54ca28412 |
| SHA256 | 2b79c39c63ede2f31c74667ed07ae2633eda11b9a4199631c9418ec5f88f9416 |
| SHA512 | 3bda555d052e115a695c0781f8b058085bcb0be7b97475c9013033b920995721469be4b0d66574fac98c528803aa34f5aeca07c7799da41c170c24475acc23a8 |
memory/392-981-0x0000000000400000-0x00000000005D7000-memory.dmp
memory/3528-984-0x00000000000F0000-0x000000000011A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4e763fa67146c935f04a3f817182f295 |
| SHA1 | 02123bca65924990edc3933dd00089ddfe27dc68 |
| SHA256 | 7fe75d7c8aa989b406bf6eb41bc444a2d70a272e77ed351ef2e66a185d5d72d0 |
| SHA512 | dd2c1221982df2eef27e5da2665f0b2bc624f26af6f6a2d3bbd6cc4de4db666282481dfc31b442b797f4e97321e3ec307276e1d515626d1eb6ce9dc2d3b8c56a |
memory/3528-996-0x00000000051B0000-0x0000000005756000-memory.dmp
memory/3528-998-0x0000000004C00000-0x0000000004C92000-memory.dmp
C:\Surrogateprovidercomponentsessionmonitor\fwEx1nOnvkg59k8ditiCSLvZ.vbe
| MD5 | fb592bbe3c116ea02c33f03b27256684 |
| SHA1 | 7363984c79027be50b7e0b540e651b2cd6f4c7fc |
| SHA256 | 3b1c67da4dc71e19baedd2b111ec14afad377b138e6904bbebc1e682d514a983 |
| SHA512 | 51903e540edb738f520c2b2d4946f16ecc4c153ee1ec3b585d37f4b11cfea220598b2958c6509e9202c93da0f578ef4056b0ae2737c5aba237be95671041f7d5 |
memory/3528-1000-0x0000000004BC0000-0x0000000004BCA000-memory.dmp
C:\Surrogateprovidercomponentsessionmonitor\8dC7dWURSvVb5jH3vbVWqYn.bat
| MD5 | 6de687cf7ca366429c953cb49905b70a |
| SHA1 | 58e2c1823c038d8da8a2f042672027184066279e |
| SHA256 | 80d02a1cb8e68ffbc609a6c4914600604153ce929d46994200f837d354a5a611 |
| SHA512 | 6bfa7a07d6adf167458cece0ba3a110479ee7677feb58c0ae9ba5c8913bcdda13664060ce0261abc1668c18831d5c73f6bc570be8595323d46704b810fc024ef |
C:\Surrogateprovidercomponentsessionmonitor\browserwinsvc.exe
| MD5 | 774fc5ad85ff47dc68b61028c2689562 |
| SHA1 | 01682ac31b13d45d6264491c9f2344ae6231bbd7 |
| SHA256 | cd7e2fcf8b09dbb7cdfdd6cb0d72c16708bb24888db7600d2dcbd56e4b26d7de |
| SHA512 | 237a6760a021d1876702922320b7fea42a4c4e12465392f5a56094494ebcf58c0f6167e2935fdc9c6e92a6414166be0e38c4ad77df411875baca2fe79f0aeceb |
memory/4408-1005-0x0000000000C30000-0x0000000000D92000-memory.dmp
memory/4408-1006-0x00000000015D0000-0x00000000015DE000-memory.dmp
memory/4408-1007-0x0000000003060000-0x000000000307C000-memory.dmp
memory/4408-1008-0x000000001BAB0000-0x000000001BB00000-memory.dmp
memory/4408-1009-0x0000000003080000-0x0000000003088000-memory.dmp
memory/4408-1010-0x0000000003090000-0x00000000030A6000-memory.dmp
memory/4408-1011-0x00000000030B0000-0x00000000030C0000-memory.dmp
memory/4408-1012-0x00000000030C0000-0x00000000030CA000-memory.dmp
memory/4408-1013-0x000000001BB00000-0x000000001BB0C000-memory.dmp
C:\Users\Admin\Desktop\Русский Manual.txt
| MD5 | a497f67aa133c4da46e04970f0b4c450 |
| SHA1 | 87796285263ab635459d75521eff7c20c2ae966c |
| SHA256 | 92283ad98ee4731f7be5e02d57d553b0a86b4b22cd2703bc94f7f3f09cc5fded |
| SHA512 | 9321d3a929f2bcb8f0772999a85efaf692c1791ab7420e5f8c7f6f77f457a2984f968a2eb6100da7a3423d836370e6719bb438d9576d19477633c4b78698d0d7 |
memory/2020-1030-0x000001DA44FC0000-0x000001DA44FE2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3lqpkzw4.ub5.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\TxzBVPDJKX.bat
| MD5 | 57b80eec166611b941a87754b01edc87 |
| SHA1 | fcd0077960446d7d07c435d9eb240028dfbecc23 |
| SHA256 | 1144b7bd3d7c59e358c49e4ff2be876ca33799686654d1cef6f80cca135f4e0f |
| SHA512 | 046a9c32280d77b59e29e7fb4627411f891838c84613e40718cecc4269ceb5f7e90618c36bd69d7dc869d0dfaa40c9370ec233548dc44f74aee928d235163c03 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 627073ee3ca9676911bee35548eff2b8 |
| SHA1 | 4c4b68c65e2cab9864b51167d710aa29ebdcff2e |
| SHA256 | 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c |
| SHA512 | 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e3840d9bcedfe7017e49ee5d05bd1c46 |
| SHA1 | 272620fb2605bd196df471d62db4b2d280a363c6 |
| SHA256 | 3ac83e70415b9701ee71a4560232d7998e00c3db020fde669eb01b8821d2746f |
| SHA512 | 76adc88ab3930acc6b8b7668e2de797b8c00edcfc41660ee4485259c72a8adf162db62c2621ead5a9950f12bfe8a76ccab79d02fda11860afb0e217812cac376 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1a9fa92a4f2e2ec9e244d43a6a4f8fb9 |
| SHA1 | 9910190edfaccece1dfcc1d92e357772f5dae8f7 |
| SHA256 | 0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888 |
| SHA512 | 5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | aa4f31835d07347297d35862c9045f4a |
| SHA1 | 83e728008935d30f98e5480fba4fbccf10cefb05 |
| SHA256 | 99c83bc5c531e49d4240700142f3425aba74e18ebcc23556be32238ffde9cce0 |
| SHA512 | ec3a4bee8335007b8753ae8ac42287f2b3bcbb258f7fc3fb15c9f8d3e611cb9bf6ae2d3034953286a34f753e9ec33f7495e064bab0e8c7fcedd75d6e5eb66629 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e43b2cd654b865b974061439273efdda |
| SHA1 | cb1d14fe450e88d9c3e4fbefcd9b2ad727983fad |
| SHA256 | d6c2f568cf61ca6e7c07aab0ca37b4ccba209f0d671ff8dfd9d4f0ee48578c42 |
| SHA512 | 534bc3a5b1c435f29ad60e2c496c790e96c6c528f4e11b90f8be526ab1658bff502dd5c40a6a69bd812f2cd6924c6773fc7c4c26a508ad4f87ad85e0ae713153 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | c29d83041db39424c38e93efd6fbe041 |
| SHA1 | f7e2595677c749b7d6a3dfb8047090c9d196a736 |
| SHA256 | c3acd422ae93bb5df0899fb1a2fa10517d209b19d2b6e7a46fd4348899ff4e32 |
| SHA512 | d7d8b97dddbec6954ad5a085311aa1fddcd89bd1d0e70c26670c8d92620747243579027bfb4211d82ff0327c17903678558faa3b23c02a1b6c8fc877f2f42c22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 34ec70b32304fccb3704d6b9d319f8e3 |
| SHA1 | 4f2242a5515cd8cceb9058ebf60e4890f3a36edc |
| SHA256 | 44ad80016ddbfa3d5a5a62ce828e70aac005de0e035137045af6c6c9871e36e5 |
| SHA512 | 6e49eadff954ecd6a68bcf4b75afc7f22336354eb202e48e99d8ad6e3a1aa53f48dfc29be34d83787faacec5cd67e19af02ac66ec7b9aa881b96cad58def81f1 |
memory/6356-1152-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1151-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1150-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1162-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1161-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1160-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1159-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1158-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1157-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp
memory/6356-1156-0x0000014C0FB00000-0x0000014C0FB01000-memory.dmp