Analysis Overview
Threat Level: Likely malicious
The file https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498& was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Loads dropped DLL
Executes dropped EXE
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Command and Scripting Interpreter: PowerShell
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 17:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 17:52
Reported
2025-07-04 17:53
Platform
win10v2004-20250610-en
Max time kernel
81s
Max time network
82s
Command Line
Signatures
Disables Task Manager via registry modification
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | api.gofile.io | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961251396405690" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "116" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{198D6D7C-F663-4101-86F2-94C73BBAF196} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{16CCF625-33D7-40BE-A5BF-FF20274E49EE} | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{0F126BFA-8503-44AC-8707-320B64834592} | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BestXineMenu.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffda37cf208,0x7ffda37cf214,0x7ffda37cf220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1744,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2432,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3540,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4284,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4340,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3688,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6156,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6916,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3716,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6972,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6980,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7072,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7476,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7512,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7664,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3512,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5752,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:1
C:\Users\Admin\Downloads\BestXineMenu.exe
"C:\Users\Admin\Downloads\BestXineMenu.exe"
C:\Users\Admin\Downloads\BestXineMenu.exe
"C:\Users\Admin\Downloads\BestXineMenu.exe"
C:\Users\Admin\Downloads\BestXineMenu.exe
"C:\Users\Admin\Downloads\BestXineMenu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID"
C:\Users\Admin\Downloads\BestXineMenu.exe
"C:\Users\Admin\Downloads\BestXineMenu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c shutdown /s /t 15
C:\Windows\system32\reg.exe
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\system32\shutdown.exe
shutdown /s /t 15
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c shutdown /s /t 15
C:\Windows\system32\shutdown.exe
shutdown /s /t 15
C:\Windows\system32\reg.exe
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3843855 /state1:0x41c64e6d
Network
Files