Malware Analysis Report

2025-08-05 14:54

Sample ID: 250704-wfr8yaxnt9
Target: https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498&
Tags: credential_access defense_evasion discovery execution spyware stealer
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V16
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498& was found to be: Likely malicious.

Malicious Activity Summary

credential_access defense_evasion discovery execution spyware stealer

Disables Task Manager via registry modification

Reads user/profile data of web browsers

Unsecured Credentials: Credentials In Files

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Command and Scripting Interpreter: PowerShell

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

Enumerates system info in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-07-04 17:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-07-04 17:52
Reported: 2025-07-04 17:53
Platform: win10v2004-20250610-en
Max time kernel: 81s
Max time network: 82s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498&

Signatures

Disables Task Manager via registry modification

defense_evasion

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A
N/A | discord.com | N/A | N/A
N/A | api.gofile.io | N/A | N/A
N/A | discord.com | N/A | N/A
N/A | api.gofile.io | N/A | N/A
N/A | api.gofile.io | N/A | N/A

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | ip-api.com | N/A | N/A
N/A | api.ipify.org | N/A | N/A

Browser Information Discovery

discovery

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961251396405690" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "116" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{198D6D7C-F663-4101-86F2-94C73BBAF196} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{16CCF625-33D7-40BE-A5BF-FF20274E49EE} | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{0F126BFA-8503-44AC-8707-320B64834592} | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3636 wrote to memory of 3280 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3280 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 184 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 184 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 3028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3636 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498&

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffda37cf208,0x7ffda37cf214,0x7ffda37cf220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1744,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2432,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3540,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4284,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4340,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3688,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6156,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6916,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3716,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6972,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6980,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7072,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7476,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7512,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7664,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3512,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5752,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:1

C:\Users\Admin\Downloads\BestXineMenu.exe

"C:\Users\Admin\Downloads\BestXineMenu.exe"

C:\Users\Admin\Downloads\BestXineMenu.exe

"C:\Users\Admin\Downloads\BestXineMenu.exe"

C:\Users\Admin\Downloads\BestXineMenu.exe

"C:\Users\Admin\Downloads\BestXineMenu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID"

C:\Users\Admin\Downloads\BestXineMenu.exe

"C:\Users\Admin\Downloads\BestXineMenu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c shutdown /s /t 15

C:\Windows\system32\reg.exe

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\system32\shutdown.exe

shutdown /s /t 15

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c shutdown /s /t 15

C:\Windows\system32\shutdown.exe

shutdown /s /t 15

C:\Windows\system32\reg.exe

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3843855 /state1:0x41c64e6d
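
The process list above shows the sample's whole post-download chain: BestXineMenu.exe launches a second copy of itself (the _MEI* directories under Files are PyInstaller's runtime extraction folder, and python313.dll puts the payload on Python 3.13), the child runs WMIC and PowerShell to read the system UUID, BIOS and baseboard serial numbers, ProcessorId, OEM strings and the SMBIOS asset tag, then disables Task Manager through HKCU\...\Policies\System\DisableTaskMgr and schedules shutdown /s /t 15. Reading several hardware-identity properties in one burst is how stealers build a victim ID or check for a virtual machine; the report does not say which purpose this sample has. The detection logic below is an added example, not code from the report or from the sample: it replays constructed process-creation events (command lines copied from the table, pid/ppid values assumed since the report does not list them) and flags the three behaviours, keying the WMI burst on the parent process so that a single inventory query from an admin shell does not trip it.

```python
"""Detection logic for the process chain in the Processes section above.

Added example, not code from the sandbox report or from the sample. The
events below are constructed: the command lines are copied from the report,
the pid/ppid values are assumed (the report does not list them).
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


WMI_PROPERTY = re.compile(r"Win32_(\w+)\)\.(\w+)")          # (Get-WmiObject -Class Win32_X).Prop
WMIC_UUID = re.compile(r"\bcsproduct\s+get\s+uuid\b", re.I)  # WMIC alias for the same UUID
DISABLE_TASKMGR = re.compile(
    r"\breg(?:\.exe)?\s+add\b.*Policies\\System\b.*\bDisableTaskMgr\b.*/d\s+1\b", re.I)
FORCED_SHUTDOWN = re.compile(r"\bshutdown(?:\.exe)?\s+/s\b", re.I)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE = r"C:\Users\Admin\Downloads\BestXineMenu.exe"
CMD = r"C:\Windows\system32\cmd.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
REG_CMD = (r"reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
           r"\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f")


def _ps(cls, prop):
    return f'powershell -Command "(Get-WmiObject -Class {cls}).{prop}"'


# Constructed events; pids/ppids are assumptions, command lines come from the report
SAMPLE_EVENTS = [
    ProcEvent(3636, 1000, EDGE, f'"{EDGE}" --type=renderer --lang=en-US'),
    ProcEvent(4100, 1000, SAMPLE, f'"{SAMPLE}"'),        # PyInstaller bootloader
    ProcEvent(4104, 4100, SAMPLE, f'"{SAMPLE}"'),        # child that runs the Python payload
    ProcEvent(4110, 4104, CMD, f'{CMD} /c "{WMIC} csproduct get uuid"'),
    ProcEvent(4112, 4110, WMIC, f"{WMIC} csproduct get uuid"),
    ProcEvent(4120, 4104, PS, _ps("Win32_ComputerSystemProduct", "UUID")),
    ProcEvent(4124, 4104, PS, _ps("Win32_BIOS", "SerialNumber")),
    ProcEvent(4128, 4104, PS, _ps("Win32_BaseBoard", "SerialNumber")),
    ProcEvent(4132, 4104, PS, _ps("Win32_Processor", "ProcessorId")),
    ProcEvent(4136, 4104, PS, _ps("Win32_BIOS", "OEMStringArray")),
    ProcEvent(4140, 4104, PS, _ps("Win32_SystemEnclosure", "SMBIOSAssetTag")),
    ProcEvent(4150, 4104, CMD, f'{CMD} /c "{REG_CMD}"'),
    ProcEvent(4152, 4150, r"C:\Windows\system32\reg.exe", REG_CMD),
    ProcEvent(4160, 4104, CMD, f"{CMD} /c shutdown /s /t 15"),
    ProcEvent(4162, 4160, r"C:\Windows\system32\shutdown.exe", "shutdown /s /t 15"),
    # A lone inventory query from an admin shell: one property, must not be flagged
    ProcEvent(5000, 900, PS, _ps("Win32_BIOS", "SerialNumber")),
]


def hwid_query_key(cmdline):
    """Normalise a command line to the hardware property it reads, or None."""
    m = WMI_PROPERTY.search(cmdline)
    if m:
        return f"{m.group(1)}.{m.group(2)}"
    if WMIC_UUID.search(cmdline):
        return "ComputerSystemProduct.UUID"   # same value the PowerShell form returns
    return None


def triage(events, burst_threshold=3):
    """Group hardware-identity queries by parent and flag the three behaviours."""
    queries = defaultdict(set)
    report = {"hwid_fingerprint": {}, "disable_taskmgr": [], "forced_shutdown": []}
    for e in events:
        key = hwid_query_key(e.cmdline)
        if key:
            queries[e.ppid].add(key)
        if DISABLE_TASKMGR.search(e.cmdline):
            report["disable_taskmgr"].append(e.pid)
        if FORCED_SHUTDOWN.search(e.cmdline):
            report["forced_shutdown"].append(e.pid)
    # One WMI query is routine inventory; several distinct identity properties
    # read by the same parent in one run is the fingerprinting pattern seen here.
    report["hwid_fingerprint"] = {
        ppid: sorted(keys) for ppid, keys in queries.items() if len(keys) >= burst_threshold
    }
    return report


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {hits}")
```

Keying on the parent pid matters: the same WMIC query appears under cmd.exe and again under WMIC.exe itself, and with a per-process count the WMIC child would look like one more isolated query rather than part of the burst driven by the second BestXineMenu.exe. On a live host the DisableTaskMgr hit is also the remediation pointer: delete that value under HKCU and run shutdown /a inside the 15-second window the sample leaves.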

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 150.171.27.11:80 edge.microsoft.com tcp
US 162.159.133.233:443 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 142.250.178.14:443 clients2.google.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
GB 142.250.178.14:443 clients2.google.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 142.250.178.14:443 clients2.google.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
GB 2.20.12.74:443 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com udp
N/A 224.0.0.251:5353 udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 150.171.27.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 api.ipify.org udp
US 172.67.74.152:443 api.ipify.org tcp
US 8.8.8.8:53 redtiger.shop udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 172.67.74.152:443 api.ipify.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 api.gofile.io udp
FR 51.75.242.210:443 api.gofile.io tcp
US 8.8.8.8:53 store4.gofile.io udp
FR 31.14.70.245:443 store4.gofile.io tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
FR 51.75.242.210:443 api.gofile.io tcp
FR 31.14.70.245:443 store4.gofile.io tcp
US 162.159.128.233:443 discord.com tcp
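
Most of the table above is the sandbox's own Edge and Windows traffic (edge.microsoft.com, bing, azureedge.net, Google update and PKI endpoints) plus the cdn.discordapp.com fetch that delivered the sample. The rows that belong to the sample start at api.ipify.org: the ipify and ip-api.com lookups match the "Looks up external IP address via web service" signature, the api.gofile.io, store4.gofile.io and discord.com connections that follow are consistent with the "Legitimate hosting services abused for malware hosting/C2" signature, and redtiger.shop was only resolved, never connected to. The script below is an added example, not part of the report: it parses rows in the table's own format (handling the domain-less mDNS row), drops the background traffic through an allowlist, separates domains that were merely resolved from those actually contacted, and groups the rest under labels chosen for this report. SAMPLE_TABLE is a constructed subset of the rows above; the allowlist and the category labels are this example's own assumptions.

```python
"""IOC extraction from this report's Network table.

Added example; not part of the sandbox report. SAMPLE_TABLE is a constructed
subset of the rows above. The noise allowlist and the category labels are
this example's own assumptions and should be tuned per analysis environment.
"""
import re
from collections import defaultdict

ROW = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>[\w.-]+))?\s+(?P<proto>tcp|udp)$")

# Traffic the sandbox's own Edge/Windows generates regardless of the sample (assumption)
NOISE_SUFFIXES = ("microsoft.com", "microsoftapp.net", "bing.com", "bing.net",
                  "azureedge.net", "google.com", "googleusercontent.com", "pki.goog")
RESOLVER = ("8.8.8.8", 53)   # the sandbox's DNS resolver, as seen in the table

# Assumed labels for the non-noise destinations in this report
CATEGORIES = {
    "external_ip_lookup": ("api.ipify.org", "ip-api.com"),
    "file_hosting": ("gofile.io",),
    "discord": ("discord.com", "discordapp.com"),
}

# Constructed subset of the report's Network table, header included
SAMPLE_TABLE = """
Country Destination Domain Proto
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.ipify.org udp
US 172.67.74.152:443 api.ipify.org tcp
US 8.8.8.8:53 redtiger.shop udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 api.gofile.io udp
FR 51.75.242.210:443 api.gofile.io tcp
FR 31.14.70.245:443 store4.gofile.io tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
FR 51.75.242.210:443 api.gofile.io tcp
"""


def _matches(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def parse_rows(text):
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if m:                       # the header and any malformed line are skipped
            d = m.groupdict()
            d["port"] = int(d["port"])
            rows.append(d)
    return rows


def extract_iocs(rows):
    connected = defaultdict(set)    # domain -> endpoints actually contacted
    queried = set()                 # domains seen in DNS queries
    for r in rows:
        dom = r["domain"]
        if dom is None or _matches(dom, NOISE_SUFFIXES):
            continue                # no hostname (mDNS) or browser/OS background traffic
        if (r["ip"], r["port"]) == RESOLVER:
            queried.add(dom)
        else:
            connected[dom].add(f"{r['ip']}:{r['port']}/{r['proto']}")
    return {
        "connected": {d: sorted(v) for d, v in connected.items()},
        "dns_only": sorted(queried - set(connected)),   # resolved but never contacted
    }


def categorize(domain):
    for label, suffixes in CATEGORIES.items():
        if _matches(domain, suffixes):
            return label
    return "uncategorized"


def summarize(text):
    """Category -> {domain: endpoints}, with DNS-only domains listed separately."""
    iocs = extract_iocs(parse_rows(text))
    by_cat = defaultdict(dict)
    for dom, endpoints in iocs["connected"].items():
        by_cat[categorize(dom)][dom] = endpoints
    return {"by_category": dict(by_cat), "dns_only": iocs["dns_only"]}


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_TABLE), indent=2))
```

Keep the DNS-only domain in the IOC set even though no connection followed: a name the sample resolves but never reaches in the sandbox is still something it wanted, and it is the one destination here that is not a well-known public service. Note also that cdn.discordapp.com appears under both udp and tcp on 443 (QUIC then a TCP fallback), so match on the hostname rather than on a single protocol.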

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed9ede2d7825c67ca21802f89806aa25
SHA1 3d6c75b37811c27e2e93acb1b6572d9c547fa5d3
SHA256 2aa2d3efb086d88b06b640e49aaa37eca46fd2ab53c636c393d0175e222677d4
SHA512 b49f1950efaf857f9e658511a2e41dae51c97880851700b0f6d212645863469bb56b3078ac7242cb9d6760b7682acb09624c1c87088d8260a046d704d7a0972d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed2a95e37fef644f7bee0048f232689c
SHA1 c0a665f5bd37fe1409a8212f0512ea2ef67729bf
SHA256 c494188aad051252d9cd966ffcbf93062bcde482c7dc8592aa65c7856f3dcca5
SHA512 022eaf0450bc38fad729c6add9a8a9eb95cae67bac9ad4247042fc25ac01e74c6e49ff70179a25e9cf0ed037dac55b1ba1d2444a87309f42996b3555297fc770

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22cc2f1622011132c5024d3442e94c87
SHA1 1f416a49770e9802cce6f2dc9e4a0dc4d642d2c2
SHA256 20e4d1744d160cef472d81285ee6379a82ea43e5a583c5ffbe5bf1cc8d38127f
SHA512 f5f0b48f90a56239cfec91788f0c795548d69b0af096a8a7fe15b067fa83b35ce0f897a725874c2319f5c60b424ce8d495724fe05738d766d8cefee7c40e967f

\??\pipe\crashpad_3636_YPZXAFSAVMNWGOKR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ee4716cfeb5c6fc8c889380fd64ef491
SHA1 20fe543b6f5d223ac3ed2aea0770ef2970b69fd8
SHA256 a31c31deb75a4035a90889eeaabbe9ffff368b2085b2d629f382c48240177a1e
SHA512 cfc43209921da873017e10c382db4ab62a0fa4aa23bd3153a9a3ed716ea2cca009deb1516060be8a21c8d73d91bda21efef31fe65122ae2a289b23170fd5b760

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 164a788f50529fc93a6077e50675c617
SHA1 c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256 b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512 ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 fe8c328b3aaebc43c707a3480d17220e
SHA1 5ef5f3f985250eb60fa6291652cac8ced64051d5
SHA256 91466a25bbf4869c3c0db9c6e5367c0901df85fc0516dcdb52bfdea0a4f67cdc
SHA512 5eba54d8f5b599ef35dc297b28dca5d98ee276b9018493a24deb3d1deafcdcd12e0ab2464432788aeddae3b53ab4510f0c8983175bfa8f9d9ff124851415255d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

C:\Users\Admin\AppData\Local\Temp\scoped_dir3636_318080446\91d6faa5-850b-479b-9a70-2bad697ebae9.tmp

MD5 b384b2c8acf11d0ca778ea05a710bc01
SHA1 4d3e01b65ed401b19e9d05e2218eeb01a0a65972
SHA256 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
SHA512 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be

C:\Users\Admin\AppData\Local\Temp\5679b00e-f3da-419b-89c4-2ebd1626a1b6.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\ddb21a40-12df-481b-9b35-0a58087a1e75.tmp

MD5 78e47dda17341bed7be45dccfd89ac87
SHA1 1afde30e46997452d11e4a2adbbf35cce7a1404f
SHA256 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA512 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

MD5 3d20584f7f6c8eac79e17cca4207fb79
SHA1 3c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA256 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0303cba5ac7071f52da4d43535e3b58
SHA1 37f5598cd6185c5817d71f07d604a0eb65c32d66
SHA256 d51b62b4da2419f3ed372277bfa726489d01aa8c0a82b98c477b88682c4a5e6e
SHA512 88c2aa5e19865c17597276628319366299c93da5ed540679a924d7203060302c94424d999bdd4f061a7074bd73e61ca47f9beb1a690e59d4b61cfc3f035c391d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 efe921969cb155a835f545e1b54d1826
SHA1 cb1364e5154d489c93e7f78054a2c0644272a4e7
SHA256 670e244129fe0cd2aba50ebdc9c1b9373d4e162763f4127c33f0f842f0decfba
SHA512 1e7b150a4db75dad85673627191848c3db5f0f659018ced0af6a03e1516c936694e3e9d71bb91bd6c61944faddc717c87751f270bac32c0022c0772365f2b7b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d365cc5930f77e0fd6fff8dc8ac30629
SHA1 e76ef34879244205bec195392b4cfe98aac74b8e
SHA256 edfd68f25c124824705a33f2377e3fb032f77571b364e460f0c2efaf09879755
SHA512 68f93bf1556363136efe336287a3295cd46899c21f2ac50ee7fe9f80e5c4a43c0e3f69dfe7d8bbe75958c9794174d852f69117426e1766f6e6970d85e97c59f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
