Analysis Overview
SHA256
5a4e290904ff3aeaac035c7e32f84eb7bf99d5cf803d5f1ec3dbbc18577a73e4
Threat Level: Known bad
The file Pasword a.zip was found to be: Known bad.
Malicious Activity Summary
XenorRat
Xenorat family
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Checks SCSI registry key(s)
Scheduled Task/Job: Scheduled Task
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: LoadsDriver
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-01 08:40
Signatures
Xenorat family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-01 08:40
Reported
2024-09-01 08:43
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
145s
Command Line
Signatures
XenorRat
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\New folder\Fixer.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\New folder\Fixer.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "198" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{3C0AC183-7F8E-4B41-ABB1-2F40320ED3B9} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\New folder\Fixer.exe
"C:\Users\Admin\AppData\Local\Temp\New folder\Fixer.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "System-33" /XML "C:\Users\Admin\AppData\Local\Temp\tmp83E5.tmp" /F
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff9da846f8,0x7fff9da84708,0x7fff9da84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1507961588391507176,6608551986142089283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4a0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9da846f8,0x7fff9da84708,0x7fff9da84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12036657228081988874,10750232937851056541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "System-33" /XML "C:\Users\Admin\AppData\Local\Temp\tmpAC0A.tmp" /F
C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "System-33" /XML "C:\Users\Admin\AppData\Local\Temp\tmpDBC5.tmp" /F
C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "System-33" /XML "C:\Users\Admin\AppData\Local\Temp\tmp34F1.tmp" /F
C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "System-33" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4B48.tmp" /F
C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa38a1055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:69 | | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:69 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 88.221.135.42:443 | www.bing.com | tcp |
| N/A | 127.0.0.1:69 | | tcp |
| GB | 88.221.135.42:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 42.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.135.27:443 | th.bing.com | tcp |
| GB | 95.101.143.201:443 | th.bing.com | tcp |
| GB | 95.101.143.201:443 | th.bing.com | tcp |
| GB | 88.221.135.27:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.4:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.localizeapi.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| GB | 88.221.135.42:443 | th.bing.com | tcp |
| US | 104.18.34.227:443 | cdn.prod.website-files.com | tcp |
| US | 172.67.41.53:443 | cdn.localizeapi.com | tcp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 88.221.135.104:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 18.245.246.158:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 53.41.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.246.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 104.18.34.227:443 | cdn.prod.website-files.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msrewardspme.azureedge.net | udp |
| US | 13.107.246.64:443 | msrewardspme.azureedge.net | tcp |
| US | 13.107.246.64:443 | msrewardspme.azureedge.net | tcp |
| US | 13.107.246.64:443 | msrewardspme.azureedge.net | tcp |
| US | 13.107.246.64:443 | msrewardspme.azureedge.net | tcp |
| US | 8.8.8.8:53 | az15297.vo.msecnd.net | udp |
| US | 152.199.19.161:443 | az15297.vo.msecnd.net | tcp |
| US | 152.199.19.161:443 | az15297.vo.msecnd.net | tcp |
| US | 152.199.19.161:443 | az15297.vo.msecnd.net | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| AU | 104.46.162.226:443 | browser.pipe.aria.microsoft.com | tcp |
| N/A | 127.0.0.1:69 | tcp | |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| AU | 104.46.162.226:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp | |
| N/A | 127.0.0.1:69 | tcp |
Files