Analysis Overview
SHA256
87a574cbf6233e2fd7a3872da22451ae49f6248cca5c900dab49207e0f0135b0
Threat Level: Known bad
The file ae1265e9fe0ac39bbe970a3fa66c64b0N.exe was found to be: Known bad.
Malicious Activity Summary
NanoCore
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Checks whether UAC is enabled
Adds Run key to start application
Suspicious use of SetThreadContext
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-15 11:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-15 11:37
Reported
2024-08-15 11:40
Platform
win7-20240704-en
Max time kernel
149s
Max time network
138s
Command Line
Signatures
NanoCore
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\b1b2dqljdx3 = "C:\\Users\\Admin\\AppData\\Roaming\\b1b2dqljdx3\\a1punf5t2of.exe" | C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2760 set thread context of 784 | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
"C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe"
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
"C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
"C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sysupdate24.ddns.net | udp |
| US | 8.8.8.8:53 | sysupdate24.ddns.net | udp |
Files
memory/2680-0-0x0000000074E91000-0x0000000074E92000-memory.dmp
memory/2680-1-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2680-2-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2680-3-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2680-4-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2680-5-0x0000000074E90000-0x000000007543B000-memory.dmp
\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
| MD5 | 85423174f78e73d2a8ead25cb88c9d41 |
| SHA1 | c9d33fb79558507f432d2c0b289749fc6f730543 |
| SHA256 | 81fa0363a9099b04f3292ac387a35aec4ef7bf30ecbb055678fa450fbbefdb84 |
| SHA512 | 1f06af461294696f7a11bf30b0a928838f797a00e6a98dec6da8120927647786e83c405d33b9aa8b65640127568ca0172b9682c9791d14d5c05d2597bbde1f58 |
memory/2760-15-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2760-16-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2680-14-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2760-17-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2760-18-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/2760-19-0x0000000074E90000-0x000000007543B000-memory.dmp
memory/784-21-0x0000000000400000-0x0000000000438000-memory.dmp
memory/784-23-0x0000000000400000-0x0000000000438000-memory.dmp
memory/784-28-0x0000000000400000-0x0000000000438000-memory.dmp
memory/784-39-0x0000000000400000-0x0000000000438000-memory.dmp
memory/784-37-0x0000000000400000-0x0000000000438000-memory.dmp
memory/784-32-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/784-31-0x0000000000400000-0x0000000000438000-memory.dmp
memory/784-25-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2760-41-0x0000000074E90000-0x000000007543B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-15 11:37
Reported
2024-08-15 11:40
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
NanoCore
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b1b2dqljdx3 = "C:\\Users\\Admin\\AppData\\Roaming\\b1b2dqljdx3\\a1punf5t2of.exe" | C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4500 set thread context of 4928 | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{7B5D3EF0-1E8E-4D9B-9F0D-DDED31564FC9} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
"C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
"C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\WatchUndo.svg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ff9884146f8,0x7ff988414708,0x7ff988414718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
"C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x528
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultadc26876h91d6h4c57h980bhe4cb6d788086
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ff9884146f8,0x7ff988414708,0x7ff988414718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12894849926097766773,13913806534589897392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12894849926097766773,13913806534589897392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6220 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | sysupdate24.ddns.net | udp |
| GB | 92.123.142.123:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 123.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | porn.hub | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.142.168:443 | th.bing.com | tcp |
| GB | 92.123.142.99:443 | r.bing.com | tcp |
| GB | 92.123.142.99:443 | r.bing.com | tcp |
| GB | 92.123.142.168:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | prvc.io | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| GB | 64.210.156.17:443 | media.trafficjunky.net | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| US | 172.67.177.254:443 | prvc.io | tcp |
| GB | 64.210.156.20:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 8.8.8.8:53 | 20.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| GB | 64.210.156.2:443 | hw-cdn2.adtng.com | tcp |
| GB | 64.210.156.2:443 | hw-cdn2.adtng.com | tcp |
| GB | 64.210.156.2:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| FR | 142.250.179.123:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 74.125.71.154:443 | stats.g.doubleclick.net | tcp |
| FR | 216.58.214.174:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ew.phncdn.com | udp |
| GB | 64.210.156.17:443 | ew.phncdn.com | tcp |
| US | 8.8.8.8:53 | chaturbate.com | udp |
| US | 104.16.43.196:443 | chaturbate.com | tcp |
| FR | 216.58.214.174:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | cdn1d-static-shared.phncdn.com | udp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 196.43.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | etahub.com | udp |
| US | 66.254.114.62:443 | etahub.com | tcp |
| US | 8.8.8.8:53 | web.static.mmcdn.com | udp |
| US | 104.18.202.4:443 | web.static.mmcdn.com | tcp |
| US | 104.18.202.4:443 | web.static.mmcdn.com | tcp |
| US | 104.18.202.4:443 | web.static.mmcdn.com | tcp |
| US | 104.18.202.4:443 | web.static.mmcdn.com | tcp |
| US | 8.8.8.8:53 | evtubescms.phncdn.com | udp |
| GB | 64.210.156.6:443 | evtubescms.phncdn.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.18.202.4:443 | web.static.mmcdn.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | static-pub.highwebmedia.com | udp |
| US | 8.8.8.8:53 | 62.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.202.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 104.17.80.200:443 | static-pub.highwebmedia.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 200.80.17.104.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | nwr.static.mmcdn.com | udp |
| US | 162.247.243.39:443 | nwr.static.mmcdn.com | tcp |
| US | 8.8.8.8:53 | jpeg.live.mmcdn.com | udp |
| DE | 131.153.88.91:443 | jpeg.live.mmcdn.com | tcp |
| DE | 131.153.88.91:443 | jpeg.live.mmcdn.com | tcp |
| US | 8.8.8.8:53 | appimage.static.mmcdn.com | udp |
| US | 8.8.8.8:53 | 39.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.88.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.mmcdn.com | udp |
| US | 8.8.8.8:53 | edge9-ams.live.mmcdn.com | udp |
| NL | 131.153.86.59:443 | edge9-ams.live.mmcdn.com | tcp |
| US | 8.8.8.8:53 | nwr.mmcdn.com | udp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 8.8.8.8:53 | realtime.pa.highwebmedia.com | udp |
| GB | 54.192.137.15:443 | realtime.pa.highwebmedia.com | tcp |
| US | 8.8.8.8:53 | 59.86.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.243.247.162.in-addr.arpa | udp |
| GB | 54.192.137.15:443 | realtime.pa.highwebmedia.com | tcp |
| US | 8.8.8.8:53 | 15.137.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 162.247.243.35:443 | nwr.mmcdn.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | ev-h.phncdn.com | udp |
| GB | 64.210.156.3:443 | ev-h.phncdn.com | tcp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 23.62.195.195:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.142.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 195.195.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.142.123.92.in-addr.arpa | udp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
Files
memory/4748-0-0x0000000074AB2000-0x0000000074AB3000-memory.dmp
memory/4748-1-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4748-2-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4748-3-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4748-4-0x0000000074AB2000-0x0000000074AB3000-memory.dmp
memory/4748-5-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4748-6-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4748-7-0x0000000074AB0000-0x0000000075061000-memory.dmp
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
| MD5 | 97ec8b871da19336f05a0569c896b946 |
| SHA1 | 474e2a8efad159fd27d9a6d0faa8f040ddd6f320 |
| SHA256 | 8b07864a89e462ef8537ef8c89a2ef7dec44673f69a6a9cf93799283cb746e79 |
| SHA512 | 44d7141e4b9c1a1d6b694f9dce045c9295f1ba90e25ad5ea4f4b0f063df53f76d8239075d208afcfe43aee2fed592053c1a7629e47efbfff05b7bd641aa639cc |
memory/4748-21-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4500-23-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4500-24-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4500-22-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4500-25-0x0000000074AB0000-0x0000000075061000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 983cbc1f706a155d63496ebc4d66515e |
| SHA1 | 223d0071718b80cad9239e58c5e8e64df6e2a2fe |
| SHA256 | cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c |
| SHA512 | d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd |
\??\pipe\LOCAL\crashpad_2464_BTWFCBVFKAAGCQJW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bab858bbc5241acafa29da55474d3982 |
| SHA1 | 2d149a764de599dcfc2608f8f58ef36f4c778e92 |
| SHA256 | c5842346cef8830fc0ad7cd035b984b23011c8bb6e5a91a6e8bb48d7d0c01561 |
| SHA512 | ac2d396f40a967c5340d29756ccd72ba57c5f54b2f8c8648203eb67ee75ee5e0f71506a77ca5b6bc498a153de3a33ad8d30c4e923742e5577b4fbc06a8ef4e1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/4500-58-0x0000000074AB0000-0x0000000075061000-memory.dmp
memory/4500-59-0x0000000074AB0000-0x0000000075061000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f92bd1d98cfa885f6f4e941a8fa26687 |
| SHA1 | c0a50146c4c1015463387efd8428dc79fd1397f9 |
| SHA256 | e3e8b970734101c5d67726f7e86c03434c036dde1471e7e56b1231742b7fc60a |
| SHA512 | 378c927edfbecf2d0c8c194d62832fab0de1f73cc5a83b62b60ad6dc8420eed4eb547fd838a29e698d803781647dce56b096f87f78dd27050e1306ad473807c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f981104e029fde5df016ea6568ed4c76 |
| SHA1 | a0a97babea9367e3b3ab04804a9ca3c4ed3fe2d4 |
| SHA256 | 437011ac7546787d6d64f50ee1a0881e45ba279d29321ec290ac059dc6b9f560 |
| SHA512 | bd13c7a7db0eee6adae4e021ede6d9e9b008691f5410fb12b6692f79bc66393450931964789140e589003b2262a46f1482577df54cef08caf5734f581ea2d959 |
memory/4928-76-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4928-75-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4928-74-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4500-235-0x0000000074AB0000-0x0000000075061000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 30f05ff2bcd733d701a4b56794ae1f6b |
| SHA1 | b245b01788ca7391c3017248c85cdf91a6bfacf7 |
| SHA256 | 44bbb35bcde87263998a8f0b381223c20e973fc8233dad84abd917aeca43bcd6 |
| SHA512 | f0f79b18ef8040f25277f32ee050875eb86c5562908ee530d7ebad1c7f0f17746da902f71afc6dcf29d91f24f5f9290dccb5be9a4f4f8ec5ea9912297b366f9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 111c361619c017b5d09a13a56938bd54 |
| SHA1 | e02b363a8ceb95751623f25025a9299a2c931e07 |
| SHA256 | d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc |
| SHA512 | fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058
| MD5 | 3e552d017d45f8fd93b94cfc86f842f2 |
| SHA1 | dbeebe83854328e2575ff67259e3fb6704b17a47 |
| SHA256 | 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6 |
| SHA512 | e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c1ebf20f1506d8cc0bcaa4692ff8fb85 |
| SHA1 | f59d71545ccc3b6a20539a8f5b3075d2273f7a1b |
| SHA256 | e060b2ca107937d6a065c6a31b397826c1464ad548a2a5cc46c60dbe1c341d8e |
| SHA512 | 49760b2a3faa021ffac0b57f244cbf39f06a311f0ff566c07ff8591a4343e8229314a4f325054f023d93dff8353564bceb63cafff2612898ca04928ac5640e74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c138c9192d39ab8c395358705a726528 |
| SHA1 | b831c360c75059c7d559234388e85a5415ea4ea8 |
| SHA256 | f6450c6550beaffc96ee76e82cbd881fd23867b2daf5167ecad5f41834864a7e |
| SHA512 | abe4a66aea269711d4f2f4a893db75d30b20f6551c5cd1d080e4dce98311a4f5736d1376723d3c3b88ac2471bf73de30d06d88cc9c4b9549d597493a782bf5a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585407.TMP
| MD5 | 61a03c7be2fccf58d762a5f94b5fbee1 |
| SHA1 | 7a2285af05c638a7b66742b1be81d6d22359731a |
| SHA256 | 7e90b479bf9817768f3586fe08c153b3a8bda25568f13c4576c8eba4021bd897 |
| SHA512 | 4d9f63f6d187b5937744052dbe498ecca304b9efb24f0a5ab59e0624f74c30489ee2dc86a664935b1cef7c43c6614d4c7c5abca3633135c79173c955b6141cdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 36b62ad2036b27e3439b4995e685573f |
| SHA1 | 722202404722103628f8b743700b5000bb421bfb |
| SHA256 | 98b9907bbf87fa7ac0420532e7e36bde4b25d5fa9c6bfac369abb5e13a36bc25 |
| SHA512 | 892828f5026fb1a23ce222d62a0b65f2ed2d7487830a56a0375dbd6784a709c20d03df3e2588ce96bf99a969a322f61c0bfe2efdd94f2a308bea322d7b742f41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58628d.TMP
| MD5 | dbf140dc7500197831f1b5185674aebb |
| SHA1 | 0e7b5dbd45fba327afd0e427b8d2153c613e5556 |
| SHA256 | 22047a4a3010004cf95fa64140ef0812e278117ca834721a67e4b80fd2fe8285 |
| SHA512 | 92549c6b3a79cc941e7f1d04b8ab93b9dac90dbba5cb7304e9b13c9a5a65f22e567c8b8daca4e4b89d53d5e785afe1a730e4cb587c481af9ea27475fdd26582b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f6723060e1784c15f7f79efae2d4f4da |
| SHA1 | 03b7b38ab9edd3240b2ab254a58c292725bd67ea |
| SHA256 | 45050335aa77e3211be9af0b907422f4c3e34e003c904a3edcb97b3554c9cba4 |
| SHA512 | ad7569ea27271cc6f33909a88ee7c9a08b61baf6c791e5ad9575687bec3f98d9df9d69de32d528c9d35d4c491258cd1c8283e1fb51df816df0b648a5a5ebb750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dffa768c857f0317438b11c35e5cf65a |
| SHA1 | e3f5083984e33d296b77d2bb9089eaa82f472f1a |
| SHA256 | 90bb6dc5408ac14eeb291dd69632e4d539e5730024439b05c00e1fda8cb49716 |
| SHA512 | 6d4d72d0a861359769fd742f44ddf3ed7bd3f8bd57d3c0b572fbb0d6e0e473a50933d0ef1e3fcefa588140648dbb497060c7b49fdad968dc28e115608977ba66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1a523d63ab209deb644e4bc7630f9c24 |
| SHA1 | 12c12778b0bc16659c0b9e2bbf7fcc51383accbc |
| SHA256 | 74495c8efb2a6b087b6fe747a871854967391273499ae6d20ab74c4d5ae748ab |
| SHA512 | 618db296532b6e2e1eb3ca05a44bfd485067ea467b565f2402dd6e0b6580a8934494a6a4ec8e8317b6d90da5ad1264903d704d82838b842cff86ecde403a2724 |
memory/2924-751-0x00000175AF470000-0x00000175AF480000-memory.dmp
memory/2924-767-0x00000175B77E0000-0x00000175B77E1000-memory.dmp
memory/2924-735-0x00000175AF370000-0x00000175AF380000-memory.dmp
memory/2924-771-0x00000175B7920000-0x00000175B7921000-memory.dmp
memory/2924-770-0x00000175B7810000-0x00000175B7811000-memory.dmp
memory/2924-769-0x00000175B7810000-0x00000175B7811000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 372cb7623144a9357d32f81156b0126a |
| SHA1 | 84bf84342f9d0e21e7412368ebbc02b04bfc2eb7 |
| SHA256 | d661ce3966020f3fba040d9bcb15e75f8d2c990e6b4adb1293d4aebb5343c3a4 |
| SHA512 | e574f8effa2d07916e185e5649bc0f821d1b8271d6eec6353d857a8472d31a8fba55253f1bb984498e577b2d4ac26b7b1418405ead74e9c052f5210f3d7145c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b950259c47b4d7d5b270100729498a65 |
| SHA1 | b8dab6060266b870e42eaa4771a89bd2e1a127a7 |
| SHA256 | f3340c7793dd66ea0159358b4b347bfae832571b8e8dfd912d18bfee67312aeb |
| SHA512 | feea4314537a60c0bae88c411267ca65c02c3beeeeec24caac75f88434f7a2db5fd283c4b73fbba5c963933f2c755d3fae271f214a238419e46cf009127db3de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 793d5df67dd2bdac5b13002fe6a56feb |
| SHA1 | d7c7e4fc13101e854103ae0d372f6920eb1e6da7 |
| SHA256 | b89c6850b95a11456edd863216a85ff4f7d1b62941fb1f57ac975f821e7623e7 |
| SHA512 | 0dec6027427b4980f58d5f5c15b2bbc8a3de5b1b65335ddea7656d0511d022e031f61d11dd18cb0abd2e22e8accec6433e6faaa00f4d7720a8d0e7b003baf8c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d8ed75c8fc6c423b8b33496806673e47 |
| SHA1 | bb8dda38c4dd1d7558c246ae62ecd81858e7ba97 |
| SHA256 | fb74ca029a64f321f0269dc4f977edbe32424c698fb4fd62a718221552117eb3 |
| SHA512 | 6b992816d71118d6eda15a63d6d362765e79fbc31c46448363bddd0bedb0bcfa4576abc73578091775fb35656258d5c2005d3359b0e81b9d42adb23e4974a136 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f10758162afc2c1b8cdd53770643b572 |
| SHA1 | 2f5d6078fff062ae58919273f753004c6d63c2fb |
| SHA256 | 0216dcea9cf777d600f990df94d1dc77bb5840822f92173c1a1d313f6e0035eb |
| SHA512 | 523133b8ac8ba48118fdcec0cf9ad645c19f75cb599a211adf6a82aca66bf6daee6db1997256a2cd007af7fc96f406f5484aab505cf836ff77050aad2a92428c |