Malware Analysis Report

2025-01-02 05:02

Sample ID 231111-mawjqsdc8y
Target NEAS.68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0.exe
SHA256 68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0
Tags glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal dropper infostealer loader persistence phishing rat stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0

Threat Level: Known bad

The file NEAS.68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal dropper infostealer loader persistence phishing rat stealer trojan

SectopRAT payload

Glupteba payload

RedLine payload

ZGRat

Detect ZGRat V1

Detect Mystic stealer payload

Mystic

SectopRAT

SmokeLoader

RedLine

Glupteba

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

AutoIT Executable

Program crash

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of UnmapMainImage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:16

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:16

Reported

2023-11-11 10:19

Platform

win10v2004-20231020-en

Max time kernel

124s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0.exe"

Signatures

Detect Mystic stealer payload

Detect ZGRat V1

Glupteba

loader dropper glupteba

Glupteba payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

SectopRAT

trojan rat sectoprat

SectopRAT payload

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2572.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FEFC.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\in2Hl70.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EJ5ql86.exe N/A

AutoIT Executable

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\130.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9E6C.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 116 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\in2Hl70.exe
PID 3040 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\in2Hl70.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EJ5ql86.exe
PID 644 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EJ5ql86.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe
PID 3232 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3232 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3048 wrote to memory of 3992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3232 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 3820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1816 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3232 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1924 wrote to memory of 656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3232 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1712 wrote to memory of 4092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3232 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2488 wrote to memory of 4324 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3232 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 2944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1816 wrote to memory of 5248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.68cdb9386a731d632b95fa312510d802ea16e1faad66411795e2b407c19809c0.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\in2Hl70.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\in2Hl70.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EJ5ql86.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EJ5ql86.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cs18kM3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,4915370123871950614,18297213148094435351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,4915370123871950614,18297213148094435351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,6778298647973242482,2296034997952311251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6778298647973242482,2296034997952311251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,13145747730091494124,11437865719068732608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,13145747730091494124,11437865719068732608,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16372917928850837791,18343254612294736255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,3958967418248816924,1358132403968396685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16216899043314533399,10028272211973930734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16216899043314533399,10028272211973930734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffde08946f8,0x7ffde0894708,0x7ffde0894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2oC1730.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2oC1730.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7368 -ip 7368

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 540

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7gR9ON42.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7gR9ON42.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9156 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\FEFC.exe

C:\Users\Admin\AppData\Local\Temp\FEFC.exe

C:\Users\Admin\AppData\Local\Temp\130.exe

C:\Users\Admin\AppData\Local\Temp\130.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2968 -ip 2968

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 784

C:\Users\Admin\AppData\Local\Temp\2572.exe

C:\Users\Admin\AppData\Local\Temp\2572.exe

C:\Users\Admin\AppData\Local\Temp\9E6C.exe

C:\Users\Admin\AppData\Local\Temp\9E6C.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\A850.exe

C:\Users\Admin\AppData\Local\Temp\A850.exe

C:\Users\Admin\AppData\Local\Temp\9E6C.exe

C:\Users\Admin\AppData\Local\Temp\9E6C.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9756 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2928939405180236186,5289383251825601287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4380 /prefetch:2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

Network

Country Destination Domain Proto

Files

SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_4072_JBFILSHYSDWWYBGP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1816_FQZQDUCRHTOKCPKF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_3048_ROZCMFWMXTCSBBXM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1924_KGJWNMRDFSAXEUMI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 73496004cd2bf9ff61b7f555e1e91a65
SHA1 fef145bc349cf65d82c9825ae0f26ea96aa785fd
SHA256 ba86d7dad0f2397bfa08920d7514e48d9da6da415ce40a3b08ece6918f6c356c
SHA512 19d87e4374068661835386afb2418e3b1de9660ff7e4c77b613d394e918779ac197ba1a492e69f17ebada2bdc84fcd945efd3cf8f3aa37da382a837aa0cd642a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8af3c5017d1aa1345590bc770d89923d
SHA1 dbb2e1ceb7e3a5e6805d47418c213446c0b777ec
SHA256 135cad9316013e23e5fcbda1a929944e04430df9713f4cf61dc586f12ad18485
SHA512 adbf18c99fb458cc76b61b36d3f46c20f4dcc59471bfadd2131a7992576f042137aa0e5894c6b2dc49e89c7c5bef339c3fa2d3dfcd940db7f7d4e66b6747df98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e9ac5225b670a77a292d810bed4f8131
SHA1 09f450cd810be30e4b8fe840c4293032a74bcbb0
SHA256 624268fdf7fb447e06e190bc583068898272062523ef1604cb2cf8f320466ea1
SHA512 a625090ce0cf244d4ceba19362a63cea2dd270b72fa5ac3d1eb1e317495421594957042babc9bc04591297b571b3c2c2b469ab36a65d3d54dbc10b319453dc94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 73496004cd2bf9ff61b7f555e1e91a65
SHA1 fef145bc349cf65d82c9825ae0f26ea96aa785fd
SHA256 ba86d7dad0f2397bfa08920d7514e48d9da6da415ce40a3b08ece6918f6c356c
SHA512 19d87e4374068661835386afb2418e3b1de9660ff7e4c77b613d394e918779ac197ba1a492e69f17ebada2bdc84fcd945efd3cf8f3aa37da382a837aa0cd642a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8af3c5017d1aa1345590bc770d89923d
SHA1 dbb2e1ceb7e3a5e6805d47418c213446c0b777ec
SHA256 135cad9316013e23e5fcbda1a929944e04430df9713f4cf61dc586f12ad18485
SHA512 adbf18c99fb458cc76b61b36d3f46c20f4dcc59471bfadd2131a7992576f042137aa0e5894c6b2dc49e89c7c5bef339c3fa2d3dfcd940db7f7d4e66b6747df98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e9ac5225b670a77a292d810bed4f8131
SHA1 09f450cd810be30e4b8fe840c4293032a74bcbb0
SHA256 624268fdf7fb447e06e190bc583068898272062523ef1604cb2cf8f320466ea1
SHA512 a625090ce0cf244d4ceba19362a63cea2dd270b72fa5ac3d1eb1e317495421594957042babc9bc04591297b571b3c2c2b469ab36a65d3d54dbc10b319453dc94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 54b06cd36da6a7db3e476bd3fbc99d04
SHA1 5cbf0b37434db850d90a13a07eeaceb88fff08fb
SHA256 ebb29afc0dbf9f4e5cd1f89a19b0d414a89880c6865817465bc192ddf8451b17
SHA512 89df00fb59de905af921561cb6568c9ee6d67febcfc55d5b308eeb485498da4fa9ab889d45587aa9a4ea2b91a6ad8db6bb5d352c4c3b66054448f9853e57b564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63055772eb9cbbf0f53edda2a9f8fb8d
SHA1 b6cb48f80f4c24b46ae64fe7cd15a637f52f7610
SHA256 f90b5734b2d73df0be6e50f39eb0a59b0f67c1e8c0f9486861166c683360a618
SHA512 493c3476ff8657f94cf90317f9909144751534c3f738d3d1979fad693c85539503637671808d7e19c8802e47d43e4244e79fb38de6828be26ef5e1c855f237bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 54b06cd36da6a7db3e476bd3fbc99d04
SHA1 5cbf0b37434db850d90a13a07eeaceb88fff08fb
SHA256 ebb29afc0dbf9f4e5cd1f89a19b0d414a89880c6865817465bc192ddf8451b17
SHA512 89df00fb59de905af921561cb6568c9ee6d67febcfc55d5b308eeb485498da4fa9ab889d45587aa9a4ea2b91a6ad8db6bb5d352c4c3b66054448f9853e57b564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63055772eb9cbbf0f53edda2a9f8fb8d
SHA1 b6cb48f80f4c24b46ae64fe7cd15a637f52f7610
SHA256 f90b5734b2d73df0be6e50f39eb0a59b0f67c1e8c0f9486861166c683360a618
SHA512 493c3476ff8657f94cf90317f9909144751534c3f738d3d1979fad693c85539503637671808d7e19c8802e47d43e4244e79fb38de6828be26ef5e1c855f237bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e9ac5225b670a77a292d810bed4f8131
SHA1 09f450cd810be30e4b8fe840c4293032a74bcbb0
SHA256 624268fdf7fb447e06e190bc583068898272062523ef1604cb2cf8f320466ea1
SHA512 a625090ce0cf244d4ceba19362a63cea2dd270b72fa5ac3d1eb1e317495421594957042babc9bc04591297b571b3c2c2b469ab36a65d3d54dbc10b319453dc94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63055772eb9cbbf0f53edda2a9f8fb8d
SHA1 b6cb48f80f4c24b46ae64fe7cd15a637f52f7610
SHA256 f90b5734b2d73df0be6e50f39eb0a59b0f67c1e8c0f9486861166c683360a618
SHA512 493c3476ff8657f94cf90317f9909144751534c3f738d3d1979fad693c85539503637671808d7e19c8802e47d43e4244e79fb38de6828be26ef5e1c855f237bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3947ced2-4de2-48be-b448-6e0e4cfc93ca.tmp

MD5 63e9a323c44275098419e0f4ef7a6c59
SHA1 4bc2e9254f4c668e69abc6ac94dcd14d797fa91f
SHA256 b94c513e2d9d265478a5e48461273d1ec550d9f91432f6fcc0da6a1ff7be8d71
SHA512 e2d2ff29152b98ea0ac5190331aae02334f563c930bfd31d21703944b8e0b5f65c069e5078e3b1b9a958d570cd603eb1616dcbeb7c864daccd76545c7d414f12

\??\pipe\LOCAL\crashpad_1340_KYPBDVBYTRJGZWYZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 914556f1ecd35917c614ba2fca0884ba
SHA1 7c036d21363cd7f2e46663aad44d8107cf06cd14
SHA256 f8b9f6af1c828a73389afa8773ad142acad31468f5ac46d0433d84ceb909d657
SHA512 cdd3003718aee90a75643276fe3ef151311a5b1939e2f4d406352135734f1075174297b550c891f5a77f73dcfbc197d1b1af7ba3a5e053b7e22cfb99919c7138

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8af3c5017d1aa1345590bc770d89923d
SHA1 dbb2e1ceb7e3a5e6805d47418c213446c0b777ec
SHA256 135cad9316013e23e5fcbda1a929944e04430df9713f4cf61dc586f12ad18485
SHA512 adbf18c99fb458cc76b61b36d3f46c20f4dcc59471bfadd2131a7992576f042137aa0e5894c6b2dc49e89c7c5bef339c3fa2d3dfcd940db7f7d4e66b6747df98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 73496004cd2bf9ff61b7f555e1e91a65
SHA1 fef145bc349cf65d82c9825ae0f26ea96aa785fd
SHA256 ba86d7dad0f2397bfa08920d7514e48d9da6da415ce40a3b08ece6918f6c356c
SHA512 19d87e4374068661835386afb2418e3b1de9660ff7e4c77b613d394e918779ac197ba1a492e69f17ebada2bdc84fcd945efd3cf8f3aa37da382a837aa0cd642a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2oC1730.exe

MD5 3a314456282eda4e75cd13793cb5344d
SHA1 26dbf8ca65982e00c5fe0fda227365c5375451df
SHA256 4230cd4e77428e5e061746f1ef4025c924c2fc355ef2bec3c1e059d1f157ef62
SHA512 3f3495b78c9661c6fb2fb1f3f2d5a0292c6064c42f9478f361281e36166d460c2234ff2712c90de46aac4dee7f4240ab60a6800ed61b573b3746d722401b2edd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 914556f1ecd35917c614ba2fca0884ba
SHA1 7c036d21363cd7f2e46663aad44d8107cf06cd14
SHA256 f8b9f6af1c828a73389afa8773ad142acad31468f5ac46d0433d84ceb909d657
SHA512 cdd3003718aee90a75643276fe3ef151311a5b1939e2f4d406352135734f1075174297b550c891f5a77f73dcfbc197d1b1af7ba3a5e053b7e22cfb99919c7138

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2oC1730.exe

MD5 3a314456282eda4e75cd13793cb5344d
SHA1 26dbf8ca65982e00c5fe0fda227365c5375451df
SHA256 4230cd4e77428e5e061746f1ef4025c924c2fc355ef2bec3c1e059d1f157ef62
SHA512 3f3495b78c9661c6fb2fb1f3f2d5a0292c6064c42f9478f361281e36166d460c2234ff2712c90de46aac4dee7f4240ab60a6800ed61b573b3746d722401b2edd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 24ae2e55c3d24e419e3337e7d634c1eb
SHA1 f3182755ab0b30d352c14b7f48179c4130952976
SHA256 883617d445112d0b8c6846091b9a3fab89855de4608768da951e760c85bc9bbe
SHA512 21233d027ffdee7fd15eb906981d3461ec4a22a23964b10fd05fa87f0f480e1cd2803907e9634b6bdcf97bf9438a3a29727673888ca7768d2b8ec896a7309473

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 54b06cd36da6a7db3e476bd3fbc99d04
SHA1 5cbf0b37434db850d90a13a07eeaceb88fff08fb
SHA256 ebb29afc0dbf9f4e5cd1f89a19b0d414a89880c6865817465bc192ddf8451b17
SHA512 89df00fb59de905af921561cb6568c9ee6d67febcfc55d5b308eeb485498da4fa9ab889d45587aa9a4ea2b91a6ad8db6bb5d352c4c3b66054448f9853e57b564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b94d6b591270ab084f678b7eb9a704d2
SHA1 4211d9e539d4146a1f19770b7b49aa35911bc61e
SHA256 980e7ad764ae1b913fb28e23fff478b85414b8184b526f633eae51711d43a9e3
SHA512 19fedd6ad5e23933a36040f28530c04676661a7d1a52e0e16627dfbcb698f611618e24b01c6c5c2eeb316057bfd27926e87a19d7f9fb9ea43aa5a1e1bd94fae7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd20981c7184673929dfcab50885629b
SHA1 14c2437aad662b119689008273844bac535f946c
SHA256 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22
SHA512 b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

memory/7368-292-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/7368-295-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3xm79cw.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/7440-298-0x0000000000400000-0x000000000040B000-memory.dmp

memory/7368-297-0x0000000000400000-0x0000000000433000-memory.dmp

memory/7368-300-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3300-328-0x0000000007900000-0x0000000007916000-memory.dmp

memory/7440-329-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/2368-388-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a5b49dc97aa177e7638e1625f10942a0
SHA1 64521bc91b77692be9b175a62bc635d032ecb480
SHA256 02425133639bb7e86288da2df9a33ca546e3769990a786e50264f14142f7b63b
SHA512 8e144d34e36036c32b2e713c08a26e405f2376458fa429d86c7a088aa50d6d7a04d64a4df6ee87bcc20ba996b3079dc1082687a94235bd3ed075a3f4b1fda665

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b689.TMP

MD5 37f71a32104aff734aa1177fb1fff6be
SHA1 1d3dd6a39764fefe6768332a75ec0d586fb50bfe
SHA256 f156cae9f2acef7497f80bd72a12874a2ad6e95545a95b7ad1ee732f02c4370a
SHA512 5b088587717a3e2872632464252c591368d5001f230e031f8368effb2d9d8dd9f4a2a5798f2b60132f84ea7fdf8e8a809dfc8cca17bbc0b43fde6e0e34f9e05a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f24dcc5d07406927eb3717525d86ca7d
SHA1 84bac6a83556603f2147df301fad80f29755919b
SHA256 b87738ddff34679e94d6de6083be73774df89a45ee9d3586f1a326e6292a579f
SHA512 e1543fefa2fe1891d8e0d95922edac2f5a84188619abdcd7fd96239f43321d55aff059194aedc57438dddcad804885c2ccce0abd115875f7606f4a2e6cd7b43d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/2368-537-0x0000000074660000-0x0000000074E10000-memory.dmp

memory/2368-542-0x0000000007A30000-0x0000000007FD4000-memory.dmp

memory/2368-543-0x0000000007520000-0x00000000075B2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 39b534be506d9b60dbbaae6b5bd19fad
SHA1 629d35d4454be45a37bb83605f63c6e4b81668fc
SHA256 9d1e19bf4d43a213ae34a425c09e6b4091bb35a3f841f5ad10f898118b6bed56
SHA512 f829535d9465fff6c4aecdb04122c342e2aa0d948fe439bfc0ef2eadcfea0058f871509ef29d22068ebe0f3438300eb3b33f38b84e359af7765383101414f581

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 d1b8259323b2659d3120f74f6ce4f5e2
SHA1 9e643412cf0c7f8f1bb36fbe3c490fb0d24327d7
SHA256 c365fc849d759f199576075be7442e7e122199ed8253c532ce08f29ee55feedf
SHA512 206234c9ed0adc5013be170b0b3601d28b748691cac764fc158464615226b50a8f11c394a66588a18f5391535ec2b9069f927c06d2532901e8c04a4a6c5b0c6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58f642.TMP

MD5 c7111f603e9b51f0d44c8313e716bf84
SHA1 9791420d53f16a860d8c1504b7f996eb30f0df11
SHA256 1053c9ad04edf2dbdd349d9202676b080bb5691ed79106d14e6f673e3d7c5d49
SHA512 7b2135a081cf8b7ce8d56947783820c7446b4fc1cafac4178dddec68a6ef310819778361dbc298e37e80e3fd57b11fdf72514b474f5b7962e49e0cbface185d6

memory/2368-640-0x00000000077B0000-0x00000000077C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

memory/2368-713-0x00000000075C0000-0x00000000075CA000-memory.dmp

memory/2368-718-0x0000000008600000-0x0000000008C18000-memory.dmp

memory/2368-719-0x00000000078D0000-0x00000000079DA000-memory.dmp

memory/6392-721-0x00000000006E0000-0x00000000006FE000-memory.dmp

memory/2368-720-0x00000000077C0000-0x00000000077D2000-memory.dmp

memory/6392-722-0x0000000074660000-0x0000000074E10000-memory.dmp

memory/2368-723-0x0000000007820000-0x000000000785C000-memory.dmp

memory/2968-724-0x0000000000540000-0x000000000059A000-memory.dmp

memory/2968-726-0x0000000000400000-0x000000000046F000-memory.dmp

memory/2368-725-0x0000000007860000-0x00000000078AC000-memory.dmp

memory/6392-729-0x0000000004F50000-0x0000000004F60000-memory.dmp

memory/2968-731-0x0000000074660000-0x0000000074E10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 04db8ebebffc85d0e541c6021bdfd822
SHA1 0de191af884eeb45e5cc8b5702cf2d82bd418f55
SHA256 07391d2eb784d2d8a73c5525955cfabe97888b004c98dc8d54d5d45a794cdbda
SHA512 b2f5413c95fce3f11cfc0c72380179cc7339abf66a89aa536c62e654cc9ee71b1e47fb3a9bec7e6313153fb2bc6eaa8e883871d3ab31d4c5c158751dd678e680

memory/2368-763-0x0000000074660000-0x0000000074E10000-memory.dmp

memory/2368-766-0x00000000077B0000-0x00000000077C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 124a27e70a712374e041fdd95ab21d6a
SHA1 40eb998d6df908a50525269e587bc905206dc4de
SHA256 d62430d7048193b48ff3c11aca85e4728c6065684bb16095d8c4068245f96be1
SHA512 d9ec0090987f1f0b5f6625397d035ea1d59a5eed8a79dcb7d2bcea3f9fc78f9632efb32373744d4905912f8d7896887e0b9ef58fa78c52abf84bd1e3f15f2a0d

memory/6392-782-0x0000000074660000-0x0000000074E10000-memory.dmp

memory/6392-787-0x0000000004F50000-0x0000000004F60000-memory.dmp

memory/2968-788-0x0000000074660000-0x0000000074E10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 4cda61ce411c0f61d94556ed91f53c2b
SHA1 5b1d8da885982c50a7ad6c8ca69e2ef9f15cea7e
SHA256 4b63888e4fed8c3659715a7c2e0d8fd2e308b8ba9ceb1d21286ac9fe7c26aa99
SHA512 0dc2c9efecaa2b297dcf3fc248ac30d4a3cfd3095698a38b296968bd2396e978fc0c7837689c45cd0efa8a8187d5e73bc14435bad95facc69563388224c24618

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5965a6.TMP

MD5 ef09d0644f224691cd52a5e04f478b3a
SHA1 d3ab944e74e18a618173484c198ab49a2b12201f
SHA256 9503567946f60cd9af8013b84ebd94f471cdd3db22b7de2e2ff234491bc99cdd
SHA512 ced6e5b4859d7ae4417197191f768451e1763bbd2b697b87ef255ff17778fc660ba9d1dbf4770ae2eadce585d58a8f36a95eaf656d28184ed5655cdce5e20316

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b25f84d7d4eade49bd3bb2d5449651be
SHA1 716d015602967c57a53c66b3c84f3a947f6858b0
SHA256 511c5f4305855abb48bcc6e4b57796c28ff2b48c2da35e873d8165091a7678bc
SHA512 f6b77a42ffef617a87fb922c8895bb4d96147d9ee664d3e07cd2011690dfed643ef7c88df64c2160b549661338dd50f5947c64834096ec393c3d5c5cf62080f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\23c75a11-f573-47e6-8127-d9249ed23e19\index-dir\the-real-index

MD5 b165a347298e641b0a1efe4fb32cf7eb
SHA1 63ebb11b552f255f1c6afcace01634b162490612
SHA256 b944b062e944d5529a3152643a1d9245d010aadec6648b6c18b98418949a8f56
SHA512 fcc3addafa6e25787303e1a8412352248473cfc406b9105680dad9259a32b44b6fee9fe052a7f87580257960a8508ae14ed901d795d3e1f92503885480161621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\23c75a11-f573-47e6-8127-d9249ed23e19\index-dir\the-real-index~RFe599253.TMP

MD5 6f20a20cf40650ab3fe977c7181928f2
SHA1 3f0dc43d8879b6e47c3250acf9f912361c20907b
SHA256 3537af1a66e332b33e8fc2db2269ee38fed60aa72df559fe7f9ae6e0cbe58a4b
SHA512 699f0a8b527f2453f21acec5443ddff7d4feb0729a9b419331ea427ffb859d8a630ab966048574c06d40e0c3f24523334f50e2a096911ffbd41b4be0f4c60683

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 4da555e54bd0b8846b03800621caff61
SHA1 78826ccc1154de441145ff81035bbdb44dbf10ce
SHA256 bdadb7e08445bb30ec7f4d11316c5b287567c4f0a4656cf87f58326c3df7af84
SHA512 b42c24745982ac57d443177235144362e5f0efe026908072c1af6c7356d7228f8e036c5494187f7b0e1339a2d90d818ae291c35b7f1cc711fc45cc1111df486f

memory/7704-875-0x0000000000950000-0x00000000015EA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\34d56c06-18b2-4da1-bd30-d579f208e33c\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

memory/7704-863-0x0000000074660000-0x0000000074E10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe599b0d.TMP

MD5 9f8763069ffa9bd977ea28589b798b0b
SHA1 9d76154525bc132460b194a7cef4510dbae0b029
SHA256 d5be4a952c7388bd7df62df6a1346c93acf524a7f3d4e64e6fc8d912e7e0ce2b
SHA512 87cd391c308e531c2e23333267684dd115262a895b98199d63cb3a76b7b9b69d8ae2cffac1841665d1d32b2d475a43f9deb3847867bc43bd81c7dc67e1a08c97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 619648c68d888ac2802dc04e83b12b8b
SHA1 16367fb18172e38c01d6b4f63ecb1bda7c9da370
SHA256 484ae2f8cbd58f6e9dfa76a4e79d25f7e0eb14e0add919e275ca0fc80a9d4628
SHA512 61494dcd9e398d7b36230baf7cc1c825c0dc18ed3e9e5827a4a22bee485ee7098893f15d895f86db474bb18831639796ac247c043f63f7a4a8ca6a104d74e686

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8199c5171a987dd10619ec563b511966
SHA1 aef65dfe1ad9ed9e99a0480e0e6f916a031795a3
SHA256 1da4dfdd62da5ae2554dae4d2ef9ec48ee11d98c32a244f75a67a37b6479ef69
SHA512 1cf654d2895a6bfb82e9429a8c3012ecb2769b7ff7fe593f427967ce2321f7e47806ea963b4ddb3ecb0bdfbd0d09322f932b65915c2dbfaf28fb97650062bd1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8c081f68919263816f848f8cee4ee315
SHA1 94257c242b711b8fcb04f0a063a8546a0b0b30c3
SHA256 4e8e8026a277dca6dd1b7c83a31a8d2bd4755f726793ac14dc9ea3547821a9a6
SHA512 e215ff4573143cab5e7e5c0a5c95f3804d9ba6e9ef8030d300b4f5a7d84afcb2e90ff00a984b467ed2d675adcac12b326de7a2b73bf6c74e5040f3266f149f77

memory/5516-937-0x0000024076570000-0x000002407665E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

memory/5516-947-0x0000024078AC0000-0x0000024078BA0000-memory.dmp

memory/5516-949-0x0000024078C40000-0x0000024078D20000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

memory/5516-973-0x0000024078280000-0x00000240782CC000-memory.dmp

memory/2968-976-0x0000000074660000-0x0000000074E10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e20e64cf3d01fe4a5521b06b9de8a3b1
SHA1 ae58b2ac2d6dd3ec3524a50ecf6bd27c8abc3cb2
SHA256 6a550ccfb2b52db7c20012c3c430b56ef8c2d3f21b47dd26887be3d5d952b7c7
SHA512 0bcf3d4e71d99e3204910feb8c398603893a1b982a7e8ea7e6b6447aafc8a1e65c30601834e20604a217df45909ec1ced4217c7acafa500bc688c238d182c731

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 4555b5f98548e1cfe4a55d01f253ed11
SHA1 2439ccd0935de2c888099ff9c0bcd585232a2558
SHA256 4eb3a493e545586e913ed213276d14da1630ab916c75d4cd7b0e664ebb574047
SHA512 745904451e1c22c823868925d0590d892f26dff9ed7816a9d2fcc53222295cbf575724510c0be4b19bc9201d7a8173d7c30ffe326a8104a83d52dc998da522fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 375e7ce121fd491c89aae4851136f545
SHA1 a402008f7a7043d90c82da550557e5483723d4e2
SHA256 bb8097882afece11e3c13cc52bf27d45d58e26cb837685f3d9c5419acfc52ba7
SHA512 0f81a4b2779667d9e01755ffc5a69d326718433470e34cd0fdad29d5e7b64dc58b1c5cec5d2b69e635230aa2ec06ff0a10bb7844ea686b6297990800b95a2f0e

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_aj1nnn50.ckf.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5588-3129-0x0000021E7B450000-0x0000021E7B460000-memory.dmp

memory/3804-3127-0x0000000002A60000-0x0000000002E62000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52013af6190658f0ee92acfaef68620d
SHA1 802efed35ffb901322787e9bcaaafd68e105a2f5
SHA256 be85bb002cfc2a295ce08ececd2ef607c86c1335337d7e967a3051b941d08c72
SHA512 cc3592f8943b3260f878692912fa7d7d3c07edb2c4a292faa5fe233735ede0e684240f9f84c60bf8cf06fe9613fc10702733d1598edfc273a9895d7775a06d53