Malware Analysis Report

2025-01-02 05:02

Sample ID 231111-lvgqmsdh37
Target 2a514d14cf0c18516696437e608ab3e2.exe
SHA256 bf747d7d7e3824b80a05d2988b5163729fb1b8c280f4ea5e2d638ab421f5c9d4
Tags
glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal dropper evasion infostealer loader persistence phishing rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bf747d7d7e3824b80a05d2988b5163729fb1b8c280f4ea5e2d638ab421f5c9d4

Threat Level: Known bad

The file 2a514d14cf0c18516696437e608ab3e2.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal dropper evasion infostealer loader persistence phishing rat spyware stealer trojan

ZGRat

SectopRAT

SectopRAT payload

Detect ZGRat V1

Glupteba

RedLine

RedLine payload

Glupteba payload

Detect Mystic stealer payload

SmokeLoader

Mystic

Downloads MZ/PE file

Stops running service(s)

Modifies Windows Firewall

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Launches sc.exe

Enumerates physical storage devices

Unsigned PE

Program crash

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Creates scheduled task(s)

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 09:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 09:51

Reported

2023-11-11 09:53

Platform

win10v2004-20231025-en

Max time kernel

95s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8068.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6174.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6174.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\631B.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\858A.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8A4D.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2536 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe
PID 2536 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe
PID 2536 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe
PID 4804 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe
PID 4804 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe
PID 4804 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe
PID 4660 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe
PID 4660 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe
PID 4660 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe
PID 2920 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe
PID 2920 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe
PID 2920 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe
PID 3716 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4552 wrote to memory of 2752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4552 wrote to memory of 2752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1224 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1224 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2380 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3500 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3500 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2800 wrote to memory of 4712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2800 wrote to memory of 4712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1968 wrote to memory of 3472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1968 wrote to memory of 3472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3884 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3884 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1852 wrote to memory of 3696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3716 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2916 wrote to memory of 5152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2916 wrote to memory of 5152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2920 wrote to memory of 5384 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe
PID 2920 wrote to memory of 5384 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe
PID 2920 wrote to memory of 5384 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe

"C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb31e346f8,0x7ffb31e34708,0x7ffb31e34718

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,15379516225370582574,12252588999406563069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3019979442079864369,13515529056563600567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3019979442079864369,13515529056563600567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,15379516225370582574,12252588999406563069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,463939226358734684,4832993297275288425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8304889813731581924,9755139864988982942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8304889813731581924,9755139864988982942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12922749195441462281,13090158348867830002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12922749195441462281,13090158348867830002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7364513516025641415,11516962212006509719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1612715867014143264,9772175875002631079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7364513516025641415,11516962212006509719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,463939226358734684,4832993297275288425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12601827699848080062,18158257754142171365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12601827699848080062,18158257754142171365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4772 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x30c 0x420

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 8760 -ip 8760

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6960 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ki226gq.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ki226gq.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9BC6lJ8.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9BC6lJ8.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\6174.exe

C:\Users\Admin\AppData\Local\Temp\6174.exe

C:\Users\Admin\AppData\Local\Temp\631B.exe

C:\Users\Admin\AppData\Local\Temp\631B.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7316 -ip 7316

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 784

C:\Users\Admin\AppData\Local\Temp\8068.exe

C:\Users\Admin\AppData\Local\Temp\8068.exe

C:\Users\Admin\AppData\Local\Temp\858A.exe

C:\Users\Admin\AppData\Local\Temp\858A.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\8A4D.exe

C:\Users\Admin\AppData\Local\Temp\8A4D.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\858A.exe

C:\Users\Admin\AppData\Local\Temp\858A.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\266F.exe

C:\Users\Admin\AppData\Local\Temp\266F.exe

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\6F60.exe

C:\Users\Admin\AppData\Local\Temp\6F60.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Users\Admin\AppData\Local\Temp\9E8F.exe

C:\Users\Admin\AppData\Local\Temp\9E8F.exe

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 126.24.238.8.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 store.steampowered.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 steamcommunity.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
US 44.212.195.210:443 www.epicgames.com tcp
US 8.8.8.8:53 twitter.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 210.195.212.44.in-addr.arpa udp
US 104.244.42.193:443 twitter.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 rr5---sn-q4flrn7r.googlevideo.com udp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
NL 142.250.179.182:443 i.ytimg.com udp
US 8.8.8.8:53 106.165.85.209.in-addr.arpa udp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 i3.ytimg.com udp
GB 216.58.208.110:443 i3.ytimg.com tcp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 209.85.165.106:443 rr5---sn-q4flrn7r.googlevideo.com tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.170:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.250.179.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 199.232.148.159:443 pbs.twimg.com tcp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 8.8.8.8:53 t.co udp
US 192.229.220.133:443 video.twimg.com tcp
US 104.244.42.69:443 t.co tcp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 133.220.229.192.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
NL 142.250.179.163:443 www.recaptcha.net udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-5hneknee.googlevideo.com udp
NL 74.125.8.70:443 rr1---sn-5hneknee.googlevideo.com tcp
NL 74.125.8.70:443 rr1---sn-5hneknee.googlevideo.com tcp
NL 74.125.8.70:443 rr1---sn-5hneknee.googlevideo.com udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 70.8.125.74.in-addr.arpa udp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 254.177.238.8.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 play.google.com udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 194.49.94.72:80 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.130:443 api.twitter.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
NL 142.250.179.182:443 i.ytimg.com udp
US 8.8.8.8:53 rr3---sn-5hnekn7z.googlevideo.com udp
US 172.67.209.38:80 killredls.pw tcp
NL 74.125.100.104:443 rr3---sn-5hnekn7z.googlevideo.com udp
US 8.8.8.8:53 104.100.125.74.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 185.174.136.219:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 194.49.94.11:80 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 8.8.8.8:53 41.18.21.104.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 95.214.26.28:80 host-host-file8.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 9cbcbaaf-1c45-4ab0-a3e9-e08d278fa709.uuid.theupdatetime.org udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.51:19057 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.64.16:443 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
BG 91.92.247.247:39001 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 247.247.92.91.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.11:80 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 server16.theupdatetime.org udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 stun.sipgate.net udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 3.33.249.248:3478 stun.sipgate.net udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe

MD5 c5c2c575a75b0234bbe73e0620d90ae5
SHA1 f5a459925eb94b9d0cf569bb8118e643ed8ef05e
SHA256 c2ad1cdc76cb19b234b87118a393d8439cb4c120387ab23da297725505b820ee
SHA512 29dff264f7dc92e3ec2891f8f879eb038057d192f4ad941a685510ca7aed33bf0c71cad5cb28c3a65b1702e2527af28ae90be91e4cd1767e48c4b1aa3cb0ae0e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe

MD5 c5c2c575a75b0234bbe73e0620d90ae5
SHA1 f5a459925eb94b9d0cf569bb8118e643ed8ef05e
SHA256 c2ad1cdc76cb19b234b87118a393d8439cb4c120387ab23da297725505b820ee
SHA512 29dff264f7dc92e3ec2891f8f879eb038057d192f4ad941a685510ca7aed33bf0c71cad5cb28c3a65b1702e2527af28ae90be91e4cd1767e48c4b1aa3cb0ae0e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe

MD5 b6c248eb8fe7e3e3d754b17e06c92456
SHA1 abb0ac737ffe5fd88ddec173788b955a6c16f96b
SHA256 6bfeee1df2e155af9d6cd8a9f0866f2cddf8d28b695b420650bc22d892d5bf99
SHA512 85c380812a852bbf93213bb4d659b045b5abe54869ebf9b067d128bf7afecc70ce8696361106525f0202b56141769ddc559c71ca44fdac44275993636d45a93a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe

MD5 b6c248eb8fe7e3e3d754b17e06c92456
SHA1 abb0ac737ffe5fd88ddec173788b955a6c16f96b
SHA256 6bfeee1df2e155af9d6cd8a9f0866f2cddf8d28b695b420650bc22d892d5bf99
SHA512 85c380812a852bbf93213bb4d659b045b5abe54869ebf9b067d128bf7afecc70ce8696361106525f0202b56141769ddc559c71ca44fdac44275993636d45a93a

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe

MD5 66805fa223ffdc9e021494db6a611d56
SHA1 f6ff72d1bfe4dd3896fd216916b3aac52b325a8d
SHA256 954aea71f8ecf0ffed78491957d1671ee00e95671cd1184e42c0e3ae4121a010
SHA512 4e85e7fb9b8b08dba3fd69ccdb2fd553cedd05cf3547b31c24a73ac456010053148fc75492dc986cb681a87a98dda2620691a74caec2287f6351f91e831f1849

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe

MD5 66805fa223ffdc9e021494db6a611d56
SHA1 f6ff72d1bfe4dd3896fd216916b3aac52b325a8d
SHA256 954aea71f8ecf0ffed78491957d1671ee00e95671cd1184e42c0e3ae4121a010
SHA512 4e85e7fb9b8b08dba3fd69ccdb2fd553cedd05cf3547b31c24a73ac456010053148fc75492dc986cb681a87a98dda2620691a74caec2287f6351f91e831f1849

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe

MD5 9bf25e0a4b86bd8d1023c204a3b1babe
SHA1 adadb580c702b1e9a32d6d1f436156a0be51e111
SHA256 db394924809b29893776109e2ca54a85384fede995145d984db302ef416e9566
SHA512 118c0d827736ca781dbf6da2445ac28500e247c581307a282a93ab11622237ce8c72067de01cf519429a276a2d14a436d591bcd286cf48b6d28452c4d12396f6

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe

MD5 9bf25e0a4b86bd8d1023c204a3b1babe
SHA1 adadb580c702b1e9a32d6d1f436156a0be51e111
SHA256 db394924809b29893776109e2ca54a85384fede995145d984db302ef416e9566
SHA512 118c0d827736ca781dbf6da2445ac28500e247c581307a282a93ab11622237ce8c72067de01cf519429a276a2d14a436d591bcd286cf48b6d28452c4d12396f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe

MD5 f62afb2d70f446113643481619334228
SHA1 498f9156c452973d76059b0dabd5a77143dd4b0e
SHA256 ffd023ca5334144e97b1019be4eb9f95a867d472835688638d3278681ac5f5f4
SHA512 c8658c9f30ba6afb07926206f765262fe7c69c603d176679192890aa5649cb25ff2a1d14b97395bea67e8066037f0571a4ca58ac36174cc4226e65276c26e770

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_2380_TWRPMJMSVQBNXSQA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1224_KKADQZHGNFYYJVTD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2800_MSRKYEBWGEMFBPPY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1968_XBQJSNBZBKLFQXIL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3884_BAGKCQNLWAHRKXKH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe

MD5 f62afb2d70f446113643481619334228
SHA1 498f9156c452973d76059b0dabd5a77143dd4b0e
SHA256 ffd023ca5334144e97b1019be4eb9f95a867d472835688638d3278681ac5f5f4
SHA512 c8658c9f30ba6afb07926206f765262fe7c69c603d176679192890aa5649cb25ff2a1d14b97395bea67e8066037f0571a4ca58ac36174cc4226e65276c26e770

\??\pipe\LOCAL\crashpad_4552_TNXKQCPFZWTDYJXL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3500_PZWVWZYQHYYTEWGS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 12abe26f5eaf3296216da4ce64b654f1
SHA1 e89b6e1cf6e497a0e038fc83bf3cbd24bfd768bd
SHA256 cf8b81b65f74e0b24afa7d71c4b7a59f9456870830015aa6b7316a090c928c47
SHA512 ded90f9944aa765958d95ed9b8100577fcacf7662da220686db8178a16058cde09f59fc2da968488cb482f1121b89d652a96537cf76406a5019c0da8a5fc9362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c83c1019f917275dcdc49e4444ad1104
SHA1 5825eff338be1873f3ce2972e05a6f8f66bf1ec0
SHA256 25499411bd89d071abb2a1fd59322ae297807fec3327984fa581ae2692d25f51
SHA512 b4bb637a6c577d0a61969306d5956e5c3a01e1241bc2df21293fa1b8df365bc026c6ab26a38de1da336bd3cbc25a545953cdcbb99e744c2dfcd92283ebe7f234

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\713bdac9-1e61-42b6-9582-670d1cfa1ed4.tmp

MD5 eeefe5a6e1b4934f20ec033205c9cf31
SHA1 118143ba3f0b8baa44f76eaaa6606cd210ed81d0
SHA256 907a515895e80aee4f98570eac98df28fd7d2428eab6ca48f4aa1da45b8e2074
SHA512 58ed0458276a2853cf68dfa16c1ea664497b9b173b5c0835196a0ce55334ff5de1cc83b868700b28521e1d448ce8fe7bf1c6276888e21ee57847fbeba5dc0aea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c83c1019f917275dcdc49e4444ad1104
SHA1 5825eff338be1873f3ce2972e05a6f8f66bf1ec0
SHA256 25499411bd89d071abb2a1fd59322ae297807fec3327984fa581ae2692d25f51
SHA512 b4bb637a6c577d0a61969306d5956e5c3a01e1241bc2df21293fa1b8df365bc026c6ab26a38de1da336bd3cbc25a545953cdcbb99e744c2dfcd92283ebe7f234

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1fddecc861436ac7558356339b8fde2f
SHA1 89e44218a3960d3df7c8ec38977aa102d1bd37b3
SHA256 15afccd278146e1688167679c54a58dfe1ea4e505c7b530fbbec1820806d057c
SHA512 a30b4db26e02c8dfc7d92dc965c8c6ebce399bab158df7edc83a4bfefcd41b1da14d5d8c0bc415fe5cfc08ad77f4ed7f47e8e747a55d7669ea0bcb03641995fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eeefe5a6e1b4934f20ec033205c9cf31
SHA1 118143ba3f0b8baa44f76eaaa6606cd210ed81d0
SHA256 907a515895e80aee4f98570eac98df28fd7d2428eab6ca48f4aa1da45b8e2074
SHA512 58ed0458276a2853cf68dfa16c1ea664497b9b173b5c0835196a0ce55334ff5de1cc83b868700b28521e1d448ce8fe7bf1c6276888e21ee57847fbeba5dc0aea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\419441f5-3212-4186-82f7-daa688c191cc.tmp

MD5 1a976dc06e28bcd7eaa58253efd70529
SHA1 5a5e28fb68dca7732f3ae4c56f229b22510ad7b8
SHA256 25e9d663efa8005f9329829d0be3233aa2ad174710bab5696b47d23cb5dce2b7
SHA512 01f13bfb88b3f5fa4a7067b085af68aaaebb67293b319dcde2cf6d9de94c9ac76211b4f0be600c11efcc838e63e84e59cd3167fb1da9ecfa8f8e0715647da737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47797ee8a4d8f48eba73bffc6ec99146
SHA1 0ce2cf9ddc1e9be5fe5bbb6b7527adc129cfe2cb
SHA256 f6f6c66b5ec92a900f973a96d9cffa742d9d53212f7438f987043fe9ba9202dc
SHA512 cb683c657481f07173c11458484c14e5abd0515a8f7ce512d5824323a976c2f9f854ba09068d3972036d8301532fdab1f062f00b23af8f95056e24985b10253d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 338720597a7945781986f5cb506890a5
SHA1 f95668e049991eaa90f110a5d063a7a78696fff4
SHA256 c96aa156f7532b5f880e2e14786f489a06b01573284d241e85fa8525e0774a78
SHA512 4855222d952f59fbddeb688ff5bd0a89ac04b2edabd75639c1f6acb7fff4b9fdbfbbc55e2583d6dc82cb7286f5fb25b648476cd4228b0de619db0fb54f2eb994

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\041867a0-5976-4450-bbda-ea316838717e.tmp

MD5 47797ee8a4d8f48eba73bffc6ec99146
SHA1 0ce2cf9ddc1e9be5fe5bbb6b7527adc129cfe2cb
SHA256 f6f6c66b5ec92a900f973a96d9cffa742d9d53212f7438f987043fe9ba9202dc
SHA512 cb683c657481f07173c11458484c14e5abd0515a8f7ce512d5824323a976c2f9f854ba09068d3972036d8301532fdab1f062f00b23af8f95056e24985b10253d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 338720597a7945781986f5cb506890a5
SHA1 f95668e049991eaa90f110a5d063a7a78696fff4
SHA256 c96aa156f7532b5f880e2e14786f489a06b01573284d241e85fa8525e0774a78
SHA512 4855222d952f59fbddeb688ff5bd0a89ac04b2edabd75639c1f6acb7fff4b9fdbfbbc55e2583d6dc82cb7286f5fb25b648476cd4228b0de619db0fb54f2eb994

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7503b777-56ad-4242-a620-5622f598fc63.tmp

MD5 1fddecc861436ac7558356339b8fde2f
SHA1 89e44218a3960d3df7c8ec38977aa102d1bd37b3
SHA256 15afccd278146e1688167679c54a58dfe1ea4e505c7b530fbbec1820806d057c
SHA512 a30b4db26e02c8dfc7d92dc965c8c6ebce399bab158df7edc83a4bfefcd41b1da14d5d8c0bc415fe5cfc08ad77f4ed7f47e8e747a55d7669ea0bcb03641995fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 12abe26f5eaf3296216da4ce64b654f1
SHA1 e89b6e1cf6e497a0e038fc83bf3cbd24bfd768bd
SHA256 cf8b81b65f74e0b24afa7d71c4b7a59f9456870830015aa6b7316a090c928c47
SHA512 ded90f9944aa765958d95ed9b8100577fcacf7662da220686db8178a16058cde09f59fc2da968488cb482f1121b89d652a96537cf76406a5019c0da8a5fc9362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b9975db8336c0c2a42a59a054247e6b2
SHA1 dde1152508a2afdf59af5654849498ba77723f36
SHA256 dd619557d97ce20f38064732540d182c3bc21db63e630af717d626169bb6a717
SHA512 9b7b5ebc72e46f447b4985ce6710cb06d80aeb0e1345c75afb8afe9bd3826440d96c54a19d9342129ec666b9f06acc4314c38087385c815fbc712d13c8f440e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b9975db8336c0c2a42a59a054247e6b2
SHA1 dde1152508a2afdf59af5654849498ba77723f36
SHA256 dd619557d97ce20f38064732540d182c3bc21db63e630af717d626169bb6a717
SHA512 9b7b5ebc72e46f447b4985ce6710cb06d80aeb0e1345c75afb8afe9bd3826440d96c54a19d9342129ec666b9f06acc4314c38087385c815fbc712d13c8f440e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1a976dc06e28bcd7eaa58253efd70529
SHA1 5a5e28fb68dca7732f3ae4c56f229b22510ad7b8
SHA256 25e9d663efa8005f9329829d0be3233aa2ad174710bab5696b47d23cb5dce2b7
SHA512 01f13bfb88b3f5fa4a7067b085af68aaaebb67293b319dcde2cf6d9de94c9ac76211b4f0be600c11efcc838e63e84e59cd3167fb1da9ecfa8f8e0715647da737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 12abe26f5eaf3296216da4ce64b654f1
SHA1 e89b6e1cf6e497a0e038fc83bf3cbd24bfd768bd
SHA256 cf8b81b65f74e0b24afa7d71c4b7a59f9456870830015aa6b7316a090c928c47
SHA512 ded90f9944aa765958d95ed9b8100577fcacf7662da220686db8178a16058cde09f59fc2da968488cb482f1121b89d652a96537cf76406a5019c0da8a5fc9362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c83c1019f917275dcdc49e4444ad1104
SHA1 5825eff338be1873f3ce2972e05a6f8f66bf1ec0
SHA256 25499411bd89d071abb2a1fd59322ae297807fec3327984fa581ae2692d25f51
SHA512 b4bb637a6c577d0a61969306d5956e5c3a01e1241bc2df21293fa1b8df365bc026c6ab26a38de1da336bd3cbc25a545953cdcbb99e744c2dfcd92283ebe7f234

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1a976dc06e28bcd7eaa58253efd70529
SHA1 5a5e28fb68dca7732f3ae4c56f229b22510ad7b8
SHA256 25e9d663efa8005f9329829d0be3233aa2ad174710bab5696b47d23cb5dce2b7
SHA512 01f13bfb88b3f5fa4a7067b085af68aaaebb67293b319dcde2cf6d9de94c9ac76211b4f0be600c11efcc838e63e84e59cd3167fb1da9ecfa8f8e0715647da737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38f8e0e3652237ab2c1b52e73c8120ec
SHA1 5580bc29d9c3d1d26d828a4bda7ae4dc94c90c71
SHA256 0a95b5df55aa6587adbce84d6afa46a1a0810bae951f220c89bc1652c0a700ae
SHA512 e712cf4de12c1554f38245ac37bad4f3b7ca17f6a07543db40fb761b6384de7b96dad1a7e2ff04b562491d65e9fd3a8deef5d25d801e6857321967abfb6ec742

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 75a3f576fad3976a52b0a7c090a44bef
SHA1 e65b440d4eb741936fa8d7c97cec106b32eb749c
SHA256 1cdb25cd3625d2ac3556a2abbd2eba0db38e755e4b5621f9b7bc16b6e0ddad91
SHA512 64c41ea8958c490084c7a70b9babc808b79c4021f789241395acf9fd18051d01f9cb96044d21a96fa767a7503909917cc11d5dedf48a25e5a2e175c6fa74976b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 29c48946964fc266d0fa50050856174f
SHA1 fe3dde4bbc5c053c1514105227f2aef019ad6242
SHA256 68be12034dd8d3eff097d0617b17cdce1f659da65ac36017a28be6ab41ca0402
SHA512 24d7529012f888ddc12202d87942fb78ea91b03a3a329ffa351c0ceeba1b8e8f8d755290cb12664d444dc2986aad54fac756c075804fb8dd6a2bb33aba06aa30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 405a1a6befa933e31ee837e6db6e736c
SHA1 7cf53f31d4681327f7ebfabf3d266193bfe4511b
SHA256 324bc744ad1e525c91c35f5e2e0bb542bc4ac8dfd36709f1f1dfb8088b3fb707
SHA512 3468f6831b58630ef910b2121e561c22d71440a1e384bce2b80f3a5c797aa584b26505c2cddb35884be223deb6206390311df794e95385ce274226dc0c4ebd0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fc9875821d53dffe2a0a3d31fe99653b
SHA1 39b8c85977b5e8a39b5d75054b684fe2a7fdd28d
SHA256 fa1c56aca9e467197776a80109176ac96bed95d8b4cbb75a980a07d8de83868f
SHA512 e8182355ab234c2d7988dfdd1fdb74f747455b2f3ca447f6afd7bea3c54dad2d1b39353a6d97a5640a44f024dd514f707ef2f192bd3934d69b4175d6ac8a6c12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0010943304bc5aef93ccc9699473c33b
SHA1 a5e6a3a1e07a2a2dac6ac14ac35603514b4745c0
SHA256 7a4eee0cea16014e5bcf44c27f18839b8dd78cc63a728f5d80004b166929ba75
SHA512 7550a10037d86950942692bdf41b3c7ffc57374646d666a13e0ab801bf3ce8f270b208da22f4f09f8ceffd81514de4fd500fed69cce280d71cce99e69cb9150f

memory/8760-537-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8760-545-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8760-552-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8760-563-0x0000000000400000-0x0000000000433000-memory.dmp

memory/8956-573-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 132edd3000ea1e732a75646fa61cba8c
SHA1 845e37e0df61461f11ee87c54334d4a13a0d5e28
SHA256 3aa39b27af3cfa54dd667019fa3e7fbe2528d6adf8140343899f539ec6cc29d6
SHA512 ef24bf5c494dadc9b3644349bbadf5f537130b07ed4f5b8b21ca6ca5018add1b0ce3f97b382618ec87361dd093fc3cd0cd4c700a81291e788e98e2be9038b055

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/8956-835-0x0000000000400000-0x000000000040B000-memory.dmp

memory/3136-834-0x0000000000B90000-0x0000000000BA6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f0c9173350f23e42db698db4bab5b57c
SHA1 2635f4df69cb25d15895811784acbb9e04668342
SHA256 7c727d9fa88afedeff6252e6ecfeb239cc27f4a517d6f0eb2afadc21164009a4
SHA512 9e0444146bc75c9ddbba865a1f4efafe49c025706bad70fcc113d882650834e3c76486ae975aa169040de568b91c55c52294093b2882d9a505b275cd0f5b31eb

memory/5896-879-0x0000000000400000-0x000000000043C000-memory.dmp

memory/5896-883-0x0000000074A10000-0x00000000751C0000-memory.dmp

memory/5896-884-0x0000000008280000-0x0000000008824000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

memory/5896-893-0x0000000007CD0000-0x0000000007D62000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/5896-904-0x0000000007EE0000-0x0000000007EF0000-memory.dmp

memory/5896-905-0x0000000007E60000-0x0000000007E6A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f8fd25e4da2dc6f374b844598b29ce71
SHA1 2ade040b935b58f3b18bd9e4e59df7ecfa3b470e
SHA256 8bccfdc04889f0a2c63c473b8fb4d1fc05b8e23a974a906cdd3e8f21965cfdd5
SHA512 fd74cc26e4c2b2cbdb4a4774a27b077e6b205130b766629330bb0ec681a4c590584078af508af7019c8be4f38e2bce878ef1ae9bfe891abe47ab30762ac5252c

memory/5896-919-0x0000000008E50000-0x0000000009468000-memory.dmp

memory/5896-920-0x0000000008020000-0x000000000812A000-memory.dmp

memory/5896-921-0x0000000007F50000-0x0000000007F62000-memory.dmp

memory/5896-922-0x0000000007FB0000-0x0000000007FEC000-memory.dmp

memory/5896-923-0x0000000008130000-0x000000000817C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f592d9de0409816e7e84a127727ebd88
SHA1 6d2ef5c9d80f17d5207b5d26b57339de3df3751f
SHA256 5d381435c265a35bb9ba1fb7f0a30e7c9aacd6221325cf68a8c191739547482b
SHA512 39b090d18dc38006748a01ea0c94d1a8008edbd57cf22bf440fed0ecd769448167fad81f7c55b1cfcfa38f584770ef2b143b763b55f23f12da2aa280d6be2bd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d63c.TMP

MD5 e52a1c38e5dc394e3608cf71f4e788a0
SHA1 a2fb5fdc14e5cdcf36568b314045d152711d512b
SHA256 ef6df7fa0c6c9e94c7cd7321500ed8ae00250b029cf6b7cb8ff6acf44a692833
SHA512 beeff7c71c08605c3eb84f72a2f1158891296b0af77198afc139b6be0bc0e09f1d484640903fd423e53da34b5d6d2decf07e9c114c8a0c2742188c4c5c7489cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\08272db9-5b6c-4dbf-8556-34af1fbcfd1a\index-dir\the-real-index

MD5 74e50883b3f8c65e6ca88bd066858185
SHA1 1c7f12268555da4cf3de0e8da2f817dbefae743f
SHA256 1fff6d83674f66932f67fc1338169c97d845a7d3bcaa4c0dbe88181e57605219
SHA512 08f1c490e27b8cb58608a1932848ff58177b6938205451606c691ddd150667de718d8efe52483827b3c6d37aa7216bf624d35e58fbe86e8d8be31b9492fc6dbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\08272db9-5b6c-4dbf-8556-34af1fbcfd1a\index-dir\the-real-index~RFe57e5eb.TMP

MD5 ab3c8d9cfd89f597987940161166fea9
SHA1 449a8130955b980eaeb333cb11214e5446e9a644
SHA256 85cbb31d842f4cbfdb741fff0025ac6a13b63fa7b8b94debe923c8a9275237e9
SHA512 308f02a87cf9783d2048d940e1dc6d8849ae46817a793e2c998d9706b0ab364c9a0bb822f87c7f1ba80da8583cbaa75b3406639b624f48ca37d7e05d7a03a41b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a4f6865aff8208d8350a9822b52f1531
SHA1 0fedc0e4cee3d10e46b262d528870fbebc4177c6
SHA256 64e771e1024da47a575c20ea2e6b699adfa6da4f17b713853f7b848985484969
SHA512 94a7b768e075d61b26b58a7d3b4e0eed27741ed3f84f48b74c75c2340f7c984e0637175604f48f672297bcd0a082c927af3b51568ace19ef1dbfe5982cd15930

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e6a7.TMP

MD5 1bd20117cc22a0aa40606e8293659473
SHA1 f81b009adc9f5ba644cc1d12978e82673d8e535e
SHA256 5cb8291fd55eac19a5a33ae473c6dc158e94d517d78b26e236fa8556c8038acd
SHA512 7b704aaa8b33b7ec59dd00ca74ba7a4923289d6a52e495f3fd6bdf2bb7647fc05099588648d679bdb67cbf031becfbaf885f43167410237683d8e5b0306536f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\07020084-ae25-4bed-a463-2237a49e6268\index-dir\the-real-index

MD5 e2ee01daddb4c319c05c040bfc8d7c0a
SHA1 9ec76d1c3a3764f1cb38ab2c56c8f335e595adaa
SHA256 74949103be652f5b4d9a59f9d170bd92c3cbc973122835b0758881a136b5b3b9
SHA512 fdbbf3244a876855b8bd881ee5d2b03611d0114e0eadd4a8ec93768f908e6601d807df3d0fe7d4f4e75c738fcd1e0e106975a353f7080bab2d73bf2b02c96b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\07020084-ae25-4bed-a463-2237a49e6268\index-dir\the-real-index~RFe57e8f8.TMP

MD5 34512000393a7e9092399ced3cf53763
SHA1 0a57904d750531bf3868797e710902cedf5a601c
SHA256 1be59d35841fe7375e66806870fa8cd019f468b21d73a94c06b6a2102a069d97
SHA512 0b5f4e5df4faa1f77495c8dd8af47b3221ced8f68e09bf8e6a756d448ceca1bc79e1dbd88be26ab0c0684f8389ba9108f5910a24b6c642dad91b48fd652498d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cb801fa189d027d2f5bbad49b64832f5
SHA1 e4a1203570e97a1ec3f713cb47aaafc05fc615dd
SHA256 3a959284392a823704c2f193338d918772f2f9052d7d34101713a94d000d5efa
SHA512 b4912f4621d3ad9e5bf5e836caf9a36a773a0ff5ec84eab2155e06097d607235174c8ede52d4638bab1e7a737ea36cd70c11acfbaab0a9551124c771a00297f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/7116-1061-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7116-1062-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7116-1063-0x0000000000400000-0x0000000000488000-memory.dmp

memory/7116-1065-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 413e293853b7f5de707cfcda6e966d5d
SHA1 24da6893a4874d518a590d32862c25bbc34e6e21
SHA256 6b911a697a77df0d4f96db41f0eb760dcebb81e9223f2ab2e5ec3c9bebe1dc5c
SHA512 2df1b9382856b7ddf4ad8e0dc386055a49005eae44ffcac3912ee46cddd948f9aee012101b1ef42b8eb0c4f5e6fff2c8c47155f19070da65b18c45c6ae6bf1c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6e91f53c510a1fe9a963ed085ac5b670
SHA1 7b4677df2f0d345cd8421d5d8e5fd21e2b9cc053
SHA256 4dfb74c7e36127f793d782371e4dbaec3a93f3286f83df7c68b33c30e8a1fb8f
SHA512 be93bfece4326899175b23cc4256c52c2d16e1baaf9c02dc27685b15621e77268424e359397e5b7f3f629667b86cef0ca763e6ad36563c7b2a29988f69c09734

memory/5896-1145-0x0000000074A10000-0x00000000751C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5907b299-bdc8-4148-bd11-d8638e2749f9\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 ce48ed1187d40bdf8ebd816111047e6a
SHA1 c5ec4565f0456e5c07eb24f8867f2567e0722115
SHA256 46757daa1d4052056466328e9156524c64f335194c40cbb3563caf22f2d8cc71
SHA512 1fd91b2380324488cb590186193c0c365a20a0ed5be54d94378894a29a0253f4945ca2d895c27b917b20d10be83525fbe03250185221b81b2de5a2cf87269a80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5838ed.TMP

MD5 b02010ba4630c7a1d07d1797903a9b5e
SHA1 c8bb661ebe8054ba0327deb8a24078f915d332e7
SHA256 1e901e2d798da1f5247d5a80782e909acf8a43505478c02f9ce52a8300488e5f
SHA512 53e2a9f2a189e3d8cfe02566662a1947b6dd2cb1297904b55c4b12f1e94bd93d828aec86b86c683f0ac0b7d2c3279727d7a57e0d7139970270e305655b010e9f

memory/5896-1270-0x0000000007EE0000-0x0000000007EF0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 845a7688dea118180cc7a7ebeff3209e
SHA1 3d3a61014399828435bf763db4264051ee493f39
SHA256 404801487b908f95bf14f315b176719a1120b694aa26eee9363fc2690961388e
SHA512 b64389ce834f7152f3e4940ab4227a1dc972641b9076af5a806220125c9732c28dcc67a8c6c28b548c15f6b2fe14e998a7ed2fd8df2dac4246e05c6cd936bf73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 48beac1b7d038aca70c2e1262e0ad7ea
SHA1 5e64658907585cf8a0398fd419519b5638686e26
SHA256 539e7d5f37a2f221a927c9d5a3ae36f5d91a39a824fe32a51139e2f79e208d48
SHA512 3e823d06575d90d899bce9b0b645218bfd0c082ede1301336046a7c356b3873d4849c25c3920139c9c8ebb6e39eac88b9f6469b322f4dbfb3f3b0aea0b8ac00a

memory/7316-1598-0x0000000000400000-0x000000000046F000-memory.dmp

memory/7316-1600-0x0000000000540000-0x000000000059A000-memory.dmp

memory/7316-1607-0x0000000074A10000-0x00000000751C0000-memory.dmp

memory/8308-1608-0x0000000000A70000-0x0000000000A8E000-memory.dmp

memory/8308-1609-0x0000000074A10000-0x00000000751C0000-memory.dmp

memory/8308-1610-0x0000000005470000-0x0000000005480000-memory.dmp

memory/7316-1614-0x0000000074A10000-0x00000000751C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 da53740646b72cc3bd59a1f403a061e5
SHA1 b4f0f4bfea3c5bf172ba27805e0177dce9236fed
SHA256 bfbd969f7e09fe4a9f6fc73b2b034c810e5f12182396a90605407813c2a92713
SHA512 86e502e74e342f3d70d86711489369632022d33c4aa4a4c4464944e4308a29b77e407545501fe80e1043d9021828bcdf5b5c6a1dad6ae05e3e8328a9a03c0f8a

memory/8664-1679-0x0000000074A10000-0x00000000751C0000-memory.dmp

memory/8664-1684-0x0000000000D30000-0x00000000019CA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ce009a1e0dd7bd9acbb33215945fcd07
SHA1 e09f4f8617d511cd5ab1c56fef78bb8c75593adb
SHA256 f692b71e697a2111dea5c9aeac3ba7399295a3e2abee7ffa05ca7c2b615af0b0
SHA512 a070290b540bf316cb86da0187a7f007f6cf27dcacb1085294404d178f7f7042148b3a711e453aaf3250f5cc9feff332f34fbba94639d1cc705b9264438251f4

memory/8680-1703-0x0000029E42B80000-0x0000029E42C6E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5afe5a52-034b-4e5f-8acc-e3b0a586eb3a\index-dir\the-real-index

MD5 c523407382a10224223f845f7c5961de
SHA1 52d372183fa59c52fc315a8c1d3b18b4d5a2cf4c
SHA256 a1dd51f052032a3821aa8343289a5625bd46ce02b50d32eb1d4b71e79ee838e2
SHA512 a014f1dc315f12998764dd0676dcda051bb3c84f5fb14cf8bd8c774c5cb189fdfb281e77aaa2b8fe6768335d0387b84fa9a285038bcb1e5446e6796041cc39b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5afe5a52-034b-4e5f-8acc-e3b0a586eb3a\index-dir\the-real-index~RFe58897e.TMP

MD5 2ea42d780165ab0896872a2f71fad826
SHA1 57dfb71812cceef760abdcbfaa6a348f1f4e3448
SHA256 d54a06613cf2ca806ea520ae50fe06832948a42faf902cf301074b70c04b7b2f
SHA512 b9ba38ed95849c62d2910e64b808cf9292aaab4cf4da4effe9440866c1d699922e6e5d064cc02a4dc5e225f8c62aca7c72852bcd11bda69090f697b5ea2a4127

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

memory/8680-1728-0x0000029E5D0A0000-0x0000029E5D180000-memory.dmp

memory/6944-1733-0x0000026B671F0000-0x0000026B67292000-memory.dmp

memory/8680-1732-0x0000029E5D1F0000-0x0000029E5D2D0000-memory.dmp

memory/8680-1734-0x00007FFB2C2F0000-0x00007FFB2CDB1000-memory.dmp

memory/8680-1736-0x0000029E5D2D0000-0x0000029E5D398000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

memory/6944-1744-0x0000026B69830000-0x0000026B69930000-memory.dmp

memory/6944-1746-0x00007FFB2C2F0000-0x00007FFB2CDB1000-memory.dmp

memory/8680-1745-0x0000029E5D4A0000-0x0000029E5D568000-memory.dmp

memory/8680-1748-0x0000029E44920000-0x0000029E44930000-memory.dmp

memory/8680-1749-0x0000029E5D570000-0x0000029E5D5BC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

memory/8856-1766-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

memory/6944-1768-0x0000026B676F0000-0x0000026B67746000-memory.dmp

memory/2244-1767-0x0000000000400000-0x00000000004AA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/2244-1771-0x000002805E610000-0x000002805E6F4000-memory.dmp

memory/8680-1773-0x00007FFB2C2F0000-0x00007FFB2CDB1000-memory.dmp

memory/8664-1775-0x0000000074A10000-0x00000000751C0000-memory.dmp

memory/2244-1774-0x00007FFB2C2F0000-0x00007FFB2CDB1000-memory.dmp

memory/2244-1776-0x000002805E600000-0x000002805E610000-memory.dmp

memory/6944-1777-0x0000026B68FA0000-0x0000026B68FF4000-memory.dmp

memory/2244-1779-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1778-0x000002805E610000-0x000002805E6F1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 08b607128ba6e5ecf38ca107687d8017
SHA1 603cc66c83394906df1c52c0e451dcf60fffa6f3
SHA256 74c69171382145b967ed983e98e188633613095792202a65969b804b2e8fe7dc
SHA512 3265c1cd97a8a3352aad24908565890102353506a9189a115464ca5704bc55c36171b180660dd88ca9471432da5098e57483b98cfd70dc08262563217d3f24df

memory/2244-1790-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1792-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1794-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1796-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1798-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1800-0x000002805E610000-0x000002805E6F1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 406654c5cabbbb8caa05f0091b1209f9
SHA1 936f9e7665b75165504f7565b73cc345b70d257f
SHA256 5eb4a7f1036a7f72e4a7636f5720bf0565ae2fd4d3f3f308a891aad67a402155
SHA512 e4c105a9eb914d97f0dd24d0b3ef7fa0fbaf9f9c0e32564ec70001630c66e6dc654f45b07f3b46eddc450eb083c309c090bc63096455848443a6d053ccd6e443

memory/2244-1808-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1811-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1813-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1815-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1817-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1819-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1821-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1823-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1825-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1827-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1829-0x000002805E610000-0x000002805E6F1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c474f1e9f2241bb43dd02b45ed8a524
SHA1 c8a644eb9e33cc6c0d3ddf07595b7ca0ec038040
SHA256 9b1bcc13c543982abe741c43ce90ac199fbfe084b0b6ef4a968ebb05ee36dba9
SHA512 604ca41e7dcccd6a88280f7068b119d4d919fca1aeb2db7d6301353415d3b0fd9c7b678c3bb92f723a49b0f2eb6c573fa4e5cca5c33805751dcb6959fa4e75a6

memory/2244-1840-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1842-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2244-1844-0x000002805E610000-0x000002805E6F1000-memory.dmp

memory/2768-1847-0x0000000000400000-0x0000000000409000-memory.dmp

memory/6536-1849-0x0000000000B80000-0x0000000000C80000-memory.dmp

memory/6536-1851-0x00000000022D0000-0x00000000022D9000-memory.dmp

memory/8308-1845-0x0000000074A10000-0x00000000751C0000-memory.dmp

memory/8308-1856-0x0000000005470000-0x0000000005480000-memory.dmp

memory/2768-1854-0x0000000000400000-0x0000000000409000-memory.dmp

memory/9044-1877-0x0000000002A70000-0x0000000002E6F000-memory.dmp

memory/9044-1886-0x0000000002E70000-0x000000000375B000-memory.dmp

memory/6944-1892-0x00007FFB2C2F0000-0x00007FFB2CDB1000-memory.dmp

memory/9044-1897-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/5652-1980-0x00007FFB2C2F0000-0x00007FFB2CDB1000-memory.dmp

memory/5652-1982-0x0000026882790000-0x00000268827A0000-memory.dmp

memory/5652-1983-0x0000026882790000-0x00000268827A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xe2yuybk.uex.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4184-2001-0x0000000004900000-0x0000000004936000-memory.dmp

memory/6944-2002-0x0000026B699B0000-0x0000026B699C0000-memory.dmp

memory/4184-2005-0x0000000004F70000-0x0000000005598000-memory.dmp

memory/4184-2007-0x0000000074A10000-0x00000000751C0000-memory.dmp

memory/4184-2009-0x00000000048F0000-0x0000000004900000-memory.dmp

memory/8856-2011-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

memory/4184-2016-0x0000000004ED0000-0x0000000004EF2000-memory.dmp

memory/2768-2027-0x0000000000400000-0x0000000000409000-memory.dmp

memory/4184-2034-0x00000000057D0000-0x0000000005836000-memory.dmp

memory/4184-2036-0x00000000058B0000-0x0000000005916000-memory.dmp

memory/5652-2038-0x000002689AE10000-0x000002689AE32000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a92fbb0d855b33319009f7d2ba0b6527
SHA1 351b81487546b1fa39a35a9fd5f27423f27007f9
SHA256 43c2adc3f12c1c4c7129bd9d87986c4461044f604ddf87de5732276627b91a02
SHA512 27e27a340b46e124fc15aa551febafa4e5dab8216c4f9dace06c4bfec6a842c896d87f4d675097b69c9a222a09b79a4ef3e2bd0d3701beeeda5b55463c604a85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 abc62cc291b3449735ac94a931eca840
SHA1 204f482a0c0b72cddb50cd185603b315b18fd776
SHA256 ac61932c72e476bbf4c54d9c1d54bbb97ddfa1d1b2796a0eaa9a09e407ea6144
SHA512 168a3fa03faa9491bddea028f1477357e0f3fedfee35cd2579488d90526635924a7f3212a122e16c8e775ebdab53d58a8c8102f61d33b4bf13007979379b5abc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a0153519d8765df62d170dcde781e84
SHA1 c4c0193497f46a532e2f4c4e16444fc7d1073ef2
SHA256 3f7bf046702533f9a845f2696c59288d24d92d676c6f0f8eca004bea408acae4
SHA512 b8f0e0ee061f118f81594090fd2c0920b5d2cad8efcff4527b05754b832161b7237996c7c13aaf778780a5157ec38a883d4a616294bbd1522d02918a54241d7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 196e721e6cbcbd7fea597a59c54a610b
SHA1 7550f265cb2ca4a4767e866c075b41897a6b0d08
SHA256 c5d46fe142560178200814c4fe83fd6fa0e5d2ada9216c60a2a99d26cb4dec61
SHA512 dcbf9b126297b5eb0c1ed6c841e8b927fee32f39dcde2f0531aa66bef09ffd8f31d7d3c089fd5679b789bf6a3f6d1b7820b135bc0449bb340bd3318fb5f3325a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc784a18a9fc0d05c2a702dcbc8843d9
SHA1 c52d8be7e0131be566540616f5cfc8d48b0ee873
SHA256 c511e18714f71346e7ee492b6db81b15749242d65adc7aae09498edf7b14c95d
SHA512 26445fa7c90dbb9546b9683c02c8d89704a14525dd248085e1c5d85a0ac3a441228c92e061637d47349baee58ce1b450eb292e24e60d6c03e1746202c32df383

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ad8da77e132307b538efeeed6764790f
SHA1 256677b17c6779d82a40e410bf9286abc887f8dd
SHA256 97df07a0a42356a43c59ddea44cc4d5b496de24fc7434ba541b5373f44304c9b
SHA512 1a4b9f003d029f9f22438c042ec95330afb48a3f2928262ff082a9ab1726b9b4f75c1f7067ea2ac762a13dbb2560c135efa345dc024767a7d71097e73b15fbb4