Analysis Overview
Threat Level: Known bad
The file https://gofile.io/d/a29i84 was found to be: Known bad.
Malicious Activity Summary
Exelastealer family
Exela Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Grants admin privileges
Modifies Windows Firewall
Downloads MZ/PE file
Themida packer
Executes dropped EXE
Checks BIOS information in registry
A potential corporate email address has been identified in the URL: httpswww.youtube.com@ripple9cbrd1
Loads dropped DLL
Reads user/profile data of web browsers
Clipboard Data
Looks up external IP address via web service
Network Service Discovery
Legitimate hosting services abused for malware hosting/C2
Hide Artifacts: Hidden Files and Directories
UPX packed file
Enumerates processes with tasklist
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
System Network Connections Discovery
System Network Configuration Discovery: Wi-Fi Discovery
Browser Information Discovery
Permission Groups Discovery: Local Groups
System Location Discovery: System Language Discovery
Event Triggered Execution: Netsh Helper DLL
Gathers system information
Gathers network information
Collects information from the system
Modifies registry class
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Runs net.exe
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Uses Volume Shadow Copy WMI provider
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-25 17:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-25 17:13
Reported
2024-11-25 17:18
Platform
win10ltsc2021-20241023-en
Max time kernel
299s
Max time network
278s
Command Line
Signatures
Exela Stealer
Exelastealer family
Grants admin privileges
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\RippleSpoofer.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
A potential corporate email address has been identified in the URL: httpswww.youtube.com@ripple9cbrd1
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\RippleSpoofer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\RippleSpoofer.exe | N/A |
Clipboard Data
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TempAppFiles\volumeid.EXE | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Themida packer
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Network Service Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ARP.EXE | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Hide Artifacts: Hidden Files and Directories
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\RippleSpoofer.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d2628f27-57e9-4088-9015-d1ad25a24838.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241125171435.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Logs\CBS\CBS.log | C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe | N/A |
| File opened for modification | C:\Windows\CbsTemp | C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Permission Groups Discovery: Local Groups
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\TempAppFiles\volumeid.EXE | N/A |
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
System Network Connections Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\RippleSpoofer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\RippleSpoofer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\RippleSpoofer.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133770284295404572" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1263212995-3575756360-1418101905-1000\{DDC0AF92-ACAD-4632-9A43-6C6CA22F5903} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1263212995-3575756360-1418101905-1000\{F3D9F8B5-AF95-409E-B2F7-4AA20516206E} | C:\Users\Admin\Desktop\RippleSpoofer.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/a29i84
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffbc7bacc40,0x7ffbc7bacc4c,0x7ffbc7bacc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2080 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2464 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4532 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4500,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4824 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4884,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5340,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5364,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5508 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5128,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5144,i,7291079506794514356,2116130418591757203,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5244 /prefetch:8
C:\Users\Admin\Desktop\RippleSpoofer.exe
"C:\Users\Admin\Desktop\RippleSpoofer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x444
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/Qt5NMSgdzU
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffbaba646f8,0x7ffbaba64708,0x7ffbaba64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff79d455460,0x7ff79d455470,0x7ff79d455480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15826331996325089332,16909967035410395342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@ripple9
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffbaba646f8,0x7ffbaba64708,0x7ffbaba64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,982307219145069693,7752304707203507979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SYSTEM32\taskkill.exe
"taskkill" /F /IM explorer.exe
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe
"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe"
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe
"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe""
C:\Windows\system32\attrib.exe
attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2208"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2208
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3032"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3032
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1320"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1320
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4400"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4400
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1308"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1308
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2888"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2888
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3372"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3372
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2032"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2032
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 612"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 612
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1412"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1412
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5940"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5940
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
cmd.exe /c chcp
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Get-Clipboard
C:\Windows\system32\chcp.com
chcp
C:\Windows\system32\cmd.exe
cmd.exe /c chcp
C:\Windows\system32\chcp.com
chcp
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe -Embedding
C:\Windows\system32\HOSTNAME.EXE
hostname
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get caption,description,providername
C:\Windows\system32\net.exe
net user
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user
C:\Windows\system32\query.exe
query user
C:\Windows\system32\quser.exe
"C:\Windows\system32\quser.exe"
C:\Windows\system32\net.exe
net localgroup
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 localgroup
C:\Windows\system32\net.exe
net localgroup administrators
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 localgroup administrators
C:\Windows\system32\net.exe
net user guest
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user guest
C:\Windows\system32\net.exe
net user administrator
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user administrator
C:\Windows\System32\Wbem\WMIC.exe
wmic startup get caption,command
C:\Windows\system32\tasklist.exe
tasklist /svc
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\system32\ROUTE.EXE
route print
C:\Windows\system32\ARP.EXE
arp -a
C:\Windows\system32\NETSTAT.EXE
netstat -ano
C:\Windows\system32\sc.exe
sc query type= service state= all
C:\Windows\system32\netsh.exe
netsh firewall show state
C:\Windows\system32\netsh.exe
netsh firewall show config
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE
"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE"
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE
"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TempAppFiles\spoof.bat""
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\volumeid.EXE
"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\volumeid.EXE"
Network
Files
\??\pipe\crashpad_2208_UYHCRUWUKINXOWRN
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\Downloads\Unconfirmed 661167.crdownload
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13377028476083591
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0a6314ab-8d25-4605-8c02-6cebbc9d6cf4.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21f2c7d4-2a53-4019-be0f-fdfd6cb5433d\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589bbe.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e53da460-c92b-4069-94d7-1e4c458e8d99\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e53da460-c92b-4069-94d7-1e4c458e8d99\index-dir\the-real-index~RFe589bbe.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\DownloadData.db
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zwe2qdah.akp.ps1